Emerging Technology Specialist, Risk (AVP Level)

Job Description1) BackgroundThis new role forms a key part of the Technology Risk Management function, supporting the Head of Technology Risk. The role holder will form a crucial component in the establishment of an enhanced risk management framework and beyond that identify and assess potential risks across Technology, as well as ensuring a comprehensive approach to risk mitigation.2) Purpose of JobRisk Identification and Mitigation: Identify and assess Technology risks associated with IT projects and emerging technologies.Policy Compliance: Drive IT project teams’ compliance with Technology policies, standards and procedures, to promote risk management best practices when change is introduced into the organization.Project Oversight: Provide risk oversight for IT projects, ensuring that risk considerations are integrated into project planning and execution.Incident Response and Reporting: Provide SME input and advice on the identification of root causes and impacts where required.3) Accountabilities & ResponsibilitiesTechnology Policy & Standard Framework: Develop, maintain and embed Technology Policies, Standards and Procedures whilst also implementing the IT function’s objectives.Programmes & Emerging Risk: Provide oversight and input into risk assessments to help identify potential risks and devise mitigation strategies, prior to technological changes. Help to ensure alignment of technological changes with the organization's risk tolerance and strategic objectives.Technology Risk Training: Embed a culture of risk awareness and ensure that relevant parties are aware of their roles and responsibilities concerning risk.External Event Analysis?: Stay abreast of relevant reported Technology Resilience incidents across industries, to identify causes/ themes/ lessons learned that the organization can leverage and disseminate relevant information to internal stakeholders.Third Part Risk Management (TPRM) Due Diligence?: Work closely with TPRM to identify, monitor and report on the technology risk related aspects of Technology provided to the organization by third parties.Technology Key Risk Indicators (KRIs): Define key risk indicator metrics relating to causes and/or impacts of technology risks; include these in monthly reports for submission to the relevant risk committees and forums.Risk Acceptance and Exceptions?: Review and approve (or decline) exception requests submitted where there is anticipated non-compliance with a control, standard or policy.Problem Management Monitoring?: Periodically reviews the outputs of the Problem Management root cause analysis process (remediation actions, monitoring enhancements, preventative measures, etc) to aid in their assessment of the overall control environment.Critical Vendor Monitoring: Review the outputs of the Third-Party Risk Management (TPRM) process to understand the due diligence results of critical 3rd party vendors and what risks they may pose to the organization.Committee & Board Reporting: Produce the required Board and Committee-level Technology metrics for inclusion in the respective reporting decks as required.Client DD Reporting?: Provide input to determine the risk MI required from clients to help ensure the risk position is fully understood.4) Knowledge, Skills, Experience & QualificationsThe post holder will be expected to demonstrate:Attention to Detail: Meticulous attention to detail is crucial for accurately managing open audit points, helping to document audit actions, and accurately track and report on the status of management actions.Organisational Skills: Strong organisational skills are necessary to effectively coordinate audit schedules, manage documentation, and prioritise tasks across the IT Department.Time Management: Excellent time management skills are essential for managing multiple audit engagements, meeting deadlines, and ensuring the smooth progression of audit activities.Communication Skills: Clear and concise communication skills are vital for effectively liaising with internal and external stakeholders, conveying audit-related information, and facilitating collaboration across the IT Department.Analytical Skills: Basic analytical skills are beneficial for analysing audit data, identifying trends, and generating insights to support audit reporting and decision-making processes within the Technology domain.Adaptability: Ability to adapt to changing priorities, audit requirements, and work effectively in a dynamic and fast-paced environment.Confidentiality: Demonstrated ability to handle sensitive information with discretion and maintain confidentiality in accordance with organisational policies.Proficiency in Office Software: Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) and other relevant software applications for document management, data entry, and reporting.Technology Knowledge: Work towards a detailed understanding of Technology and cyber risk frameworks (e.g. NIST / ISO27001 / COBIT / ITIL).