Information Technology and Security Risk Management Consultant Contractual

Inter-American Development Bank



The Financial and Operational Risk Division (RSM/FOR) of IDB Invest is looking for a professional with strong risk management background, specifically in operational risk management, to support IDB Invest management to deploy the operational risk management framework and improve internal controls in the business units.
 
RSM/FOR, part of the Risk Management Department, is responsible for managing financial and operational risks of IDB Invest. The team is divided into three main parts:
 
  • Portfolio Management and Risk Data: responsible for overseeing the growth of the portfolio, considering concentrations and other risk parameters, providing portfolio risk guidance to the business areas, managing cross-booking allocation and limits, RAROC, Risk Management MIS, reporting and limit controls.
  • Market Risk: responsible for the design, implementation, update, and ongoing execution of the Market Risk Management framework. The team identifies, quantifies and monitors interest rate risk and foreign exchange risk of the balance sheet, and the price risk of the liquid investment portfolio. This area is also responsible for capital management, economic capital and counterparty credit risk management.
  • Operational Risk Management: responsible for assessing and maintaining an appropriate internal control environment, managing a full operational risk framework as a second line of defense.
 
What you’ll do: 
  • The consultant will support the activities related to the implementation, maintenance, and monitoring of the information technology and security risks for IDB Invest systems.
  • Review the risks and information technology controls documentation, guidelines and procedures to evaluate the operational risk management.
  • Review, document and socialize information technology and security risk guidelines and standards for managing and controlling the risks.
  • Provide effective critical challenge of the identification, assessment, treatment, monitoring, and reporting of information technology and data protection and security risks within IDB Invest processes.
  • Review, test, and document the design and effectiveness of the information security, data protection and technology controls implemented in the IDB Invest’s processes, systems, and solutions (built in-house, outsourced, or by third parties).
  • Develop and communicate to the business units the recommendations to mitigate the operational risk identified during the risk assessment and coordinate with the business units the action plans definitions.
  • Review and identify gaps, control deviations, and improvements as well as communicate and monitor the action plans to the interested parties.
  • Review and monitor the implementation activities of ICFR risk assessments in IDB Invest selected processes and systems during the year and prepare the risk reports and indicators.
  • Investigate, monitor, evaluate and report periodically risk, incidents and key risk indicators regarding selected IDB Invest processes and systems.
  • Provide training and awareness regarding information security, and operational risk matters.
  • Review, evaluate, and document improvements regarding the evaluation model for information technology and security risks based on the ITGC and application controls, COBIT, and NIST best practices and standards.
What you’ll need:

Education:  

  • Master's degree in engineering, computer science or other related field. CRISC, CISA, CISM, ISO 27001LA, ISO 27701LA, CISSP, CCSP, CDPSE, COBIT or MCSA certification is preferable.
Experience:
  • At least 10 years of relevant professional experience in IT/Cybersecurity Risk Management, IT auditing, IT systems and Platform administration at a peer institution, regulatory agency, financial services provider or international firms. Experience with IT Policy, Audit, Compliance, Risk and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC1, SOC2, SOX, NIST, COBIT and COSO Frameworks.
Languages:
  • Proficiency in English and one of the other Bank official languages (Spanish, French or Portuguese) is required.


To help us track our recruitment effort, please indicate in your cover/motivation letter where (ngotenders.net) you saw this job posting.