IT Risk Officer

Job details

General information

Entity

Crédit Agricole CIB is the corporate and investment banking arm of Crédit Agricole, the world's fifth-largest bank in total assets and Europe's fourth-largest bank by tier-one equity (The Banker - July 2013). Crédit Agricole CIB offers its clients a range of products and services in capital markets, investment banking, structured finance and commercial banking. The bank supports clients in major international markets through a global network linking the main countries in Europe, North and South America, Asia and the Middle East.   

Reference number

2024-91325  

Publication date

7/16/2024

Job description

Business type

Types of Jobs - IT / Project Management

Position title

IT Risk Officer

Contract type

Permanent Contract

Management position

NO

Missions

• IT Risk Officer role is to ensure that the Tech risk on IT assets/IT services are properly defined and well controlled. The Tech risk management framework including policies and standards could ensure CACIB Information System Security.

- To setup a Tech risk management framework for providing oversight of the IT Tech risk picture.
- Make sure the potential Tech risk and Technology operational risk were clear defined.
- Leading the Tech risk analysis or engage internal/external 3rd party for a formal tech risk assessment.
- Propose solution, join IT team risk remediation.
- Re-assess the residual risk after the remediation.
- Design, conduct Tech risk control testing, providing KRI visibility in IT risk dashboard.
- Accompanying local IT teams in technical security topics with ITSO, to ensure proper implementation of security standards and best practices
- Ensuring technical security is taken into account in all the projects, contribute to the risk analysis. Deliver Security Architecture and Engineering services for Business and IT projects.
- Responsible for defining and follow-up of necessary KRI’s, controls, processes to identify the potential risks and threats in IT Systems, ensure appropriate application of security standard. Provide management reports that represent the security posture of the business in a timely, regular and accurate manner
- To develop local IT security policies and procedures, ensure through the practices adopted and tools implemented that the policies are properly enforced.
- To develop local strategies to monitor and respond to security incidents and providing methodical post-event analyses.
- To review the system architecture and configurations (Networks, System, Firewalls and other security components such as IPS/IDS, SIEM) are in line with the Security policies & best practices
- To coordinate IT security audit, security reviews, ethical hacking exercises in coordination with ISS HO and ISS Singapore.

In addition to IT Risk management, the role will also act as IT financial controller and backup of ITSO. The function will include:

- Assist Head of IT draft the annual budget plan.
- Proactively monitor the IT spending VS budget forecast.
- Manage the IT Outsourcing activities.
- Backup ITSO as major initiative of IT security responsible party.
- Backup ITSO as Audit and Regulator contact point.
- Backup ITSO in DRP activities

Job location

Geographical area

Asia, China

City

SHANGHAI

Applicant criteria

Minimal education level

3 years of higher education (L3)

Academic qualification / Speciality

Master degree and above, with major in IT related.

Level of minimal experience

11 years and more

Experience

IT Risk Officer related working experience

Languages

Chinese and English