ICT Risk Manager

Job title:

ICT Risk Manager

Company:

Generali

Job description

You will gain exposure to several international asset management companies in Europe and US, managing sophisticated strategies and different opening models.As a member of the Operation Risk team, the candidate will be part of a structure responsible for two major areas:Governance and steering:

Overseeing the implementation of the ICT Risk Management Framework across the Group Asset Managers in scope, improving understanding and communication of risk and challenging how risks are managed
Granting a sound and robust management of ICT risks borne by assets managed by Group Asset Managers and borne by the Group Asset Managers themselves, providing a consolidated view at GIH level
Streamlining and enhancing the ICT Risk Framework, coordinating the maintenance of the ICT Risk Governance (Policies and practices) and DORA framework
Leading the onboarding of new Group Asset Managers onto the ICT Risk Management framework

ICT Risk Management:

Execution of the ICT Risk Management framework for the Group Asset Managers that have outsourced these activities to GIH
Liaising with the main stakeholders within Group Asset Managers (IT & Security) to assess and manage ICT Risks
Report to the Local CRO at the Group Asset Managers and to the relevant governing bodies the results of the ICT risks activities

The final candidate will perform the following activities:Governance & steering:

Perform monthly meetings with Group Asset Managers to monitor the execution of the ICT Risk management activities
Consolidate on a quarterly basis the results of the ICT Risk Management activities at GIH level and report the results to GIH Risk and Control Committee
Prepare annual consolidated reporting for GIH Board of Directors on the evolution of the ICT Risk management framework and its operating effectiveness
Support the design, implementation and maintenance of the overall ICT Risk Management Framework
Coordinate the Local CRO of newly acquired Group Asset Manager for the implementation of the ICT Risk framework

ICT Risk Management:

Identifying and updating ICT & Cyber risk events related to business area managed
Reviewing ICT & Cyber risk Scenarios based on its peculiarities
Execute quantitative and qualitative risk methodologies
Performing the economic quantification of ICT and Security Major incidents to evaluate DORA relevance
Setting of ICT Risk Appetite Framework together with CISO and COO
Analyzing of Operative risk tolerances quarterly evidence monitoring collected and defined mitigation actions
Overseeing escalation process in case of hard limits breach and formalizing detailed risk evaluation
Reviewing reports and evidence shared by IT and Security functions (e.g., Backup and restore reports, Vulnerability assessments)
Formalizing executive reporting providing update on ICT Risk Management Framework risk evidence and key enhancements
Formalizing and annual Reviewing ICT & Cyber Risk reports (e.g., ICT & Cyber Risk Report and IT Booklet)

Our ideal candidate will meet the following requirements:

Bachelor’s degree in Computer Science, Information Technology (or equivalent experience)
Understanding of ICT and cyber security risks and the ability to develop and execute effective testing strategies with a good understanding of regulatory compliance requirements for the Financial Markets and Asset Management Industry
At least 2-5 years of relevant experience within information security or cyber risk management
Experience with ICT risk management methodologies (e.g. ISO, COBIT, NIST)
Experience with relevant regulation (e.g. GDPR, DORA)
Knowledge of statistical analysis and financial modeling