Operational Specialist


Job Description

Key Responsibilities:


1. ICT Risk & Digital Operational Resilience Strategy

Develop and maintain the ICT Risk and Digital Operational Resilience Strategy; refresh annually using metrics and stakeholder input.

Align ICT risk activities, governance, and processes with group-defined risk appetite and tolerance.

Cascade ICT risk strategy across functional teams to ensure alignment with business goals.

Design and implement reporting capabilities to deliver actionable insights on risk position against appetite and tolerance.

Conduct annual reviews of ICT risk operating model and framework.

Integrate continuous improvement practices into ICT Risk and Digital Operational Resilience governance processes.

Document and communicate roles, responsibilities, and authorities related to ICT risk management.

Update ICT policies, standards, and procedures in line with regulatory requirements and ensure embedding across the business.


2. ICT Risk Controls Framework & Risk Assessment

Coordinate annual review and update of ICT policies for compliance and relevance.

Establish and maintain a centralized methodology for technology risk assessments.

Develop and maintain a unified framework for aggregating technology risks across business functions.

Consolidate departmental risk registers into a centralized Tech Risk Register and monitor remediation plans.

Produce actionable technology risk updates for governance forums, executive committees, and the Board.

Maintain ICT technology controls taxonomy aligned with best practices and regulatory requirements.

Conduct annual assurance to confirm ICT risk controls are embedded in policies and standards.


3. Compliance & Regulatory Alignment

Collaborate with 2nd Line Compliance to ensure alignment with new regulations impacting technology risk.

Assess regulatory implications for processes and submissions.

Benchmark technology risk approach against industry best practices.

Coordinate creation, maintenance, and review of exit plans and vendor risk management, including 4th-party tracking.


4. Training & Culture

Develop and implement ICT Risk training strategy and supporting programs.

Tailor training to role-specific responsibilities and maintain supporting materials.

Coordinate training for vendors to ensure compliance and resilience awareness.



Skills & Qualifications:

Experience:

8+ years in ICT Risk Management, Operational Resilience, or Technology Governance roles.

Strong understanding of regulatory frameworks (e.g., DORA, ISO 27001, NIST).

Technical Skills:

Familiarity with GRC tools and risk assessment methodologies.

Knowledge of ICT controls, risk taxonomy, and resilience frameworks.

Soft Skills:

Excellent stakeholder management and communication skills.

Strong analytical and problem-solving abilities.


Key Competencies:

Strategic thinking and ability to embed resilience practices across functions.

Continuous improvement mindset with governance expertise.

Ability to translate complex risk data into actionable insights for senior leadership.

Location: London

Job Type: Full Time

Category: Finance and Insurance
