Interested in engaging with the thought leaders driving technological innovation and transformation at a large financial services organization? Technology Business Controls supports the management and execution of IT Risk programs, leveraging new technologies, tools and best practices to drive automation, consistency and quality of results. Our focus is Regulatory Compliance, Risk and Control for all Technology Risks. As part of the corporate First Line of Defense, our mission is to ensure that the risk in our environment is well understood and managed, with effective controls.
Summary Of The Key Purposes Of The Role
The main purpose of this role will be to manage:
End to end risk management, oversight & governance
Automation and Validation of key IS attestations, Regulatory / Risk Questionnaires
Governance of control deviations / gaps to ensure risks are in line with risk appetite
The Head of IS Security Attestations will also need to manage the following stakeholders from a Cyber Security and Information Security standpoint: Board members, Business heads, Clients, Regulators and peers.
Your Main Responsibilities Will Be
Summary of responsibilities
Define and maintain Information Security Attestation and Validation strategy
Define strategy based on group / Chief Information Security, Business Controls and business strategies
Manage relationship with internal and external stakeholders:
Internal Stakeholders: Board members, Business heads, Risk functions, Audit functions, IT functions
External Stakeholders: Regulators, External auditors, Peers, Industry wide working groups
Perform risk assessments on projects, vendors and new products
Coordinate penetration tests and vulnerability remediation where required
Manage read across assessments of incidents / control gaps
Review and challenge Control Exceptions against Control Objectives for Cyber and Information Security
Enhance governance of Run The Bank (RTB) ad hoc initiatives
Participate in global and regional committees
Drive control best practice and awareness
Follow up on actions and help with consolidation in global dashboards / scorecards
Collaborate with functional risk managers and control assurance resources to ensure deliverables adequately represent all stakeholders
The successful candidate will have the experience, gravitas and confidence, when briefing senior executives, to deputise for the Technology Business Control Executive in a range of committees. They will be the point lead for IS Attestations and Validation.
Graduate from engineering school or University, with a master's degree in Information Technology.
Cyber security certifications (e.g. CISSP, CISA, CISM) would be a plus.
Minimum of 10 years IT Security experience, at least 3 of which have been in a management role.
IT Security experience within Financial Services is important
Knowledge of Risk analysis methodology
Knowledge of Cyber security standards and best practices (e.g. ISO 27001, NIST)
Analytical and strong technical knowledge
Aptitude for learning new technologies
Proficient in Microsoft Office suite
Self-learning and training to ensure skills and knowledge are in line with responsibilities
Excellent written and spoken communication skills
Very good team player with strong interpersonal skills
Openly shares knowledge with the team
Fluent in English
Experience preparing (or reviewing) SOC / third-party assurance reports (desired but not required)