Overview
HR Business Partner | HR Senior Consultant role for our client. Shadow IT (e.g., IT outside the IT governance) is a risk for any organization, and even more so for regulated companies like banks. The Risk Officer for Shadow IT is responsible for ensuring this risk is properly managed by maintaining a global inventory of Shadow IT usage, identifying new or evolving Shadow IT situations, challenging data completeness and consistency, and providing support and coordination during assessment and validation. The role also ensures follow-up of the related KPIs and KRIs to enable reporting of these risks to top management.
Main Tasks | Responsibilities
* Maintenance of the Shadow IT portfolio: Regularly update existing or new Shadow IT situations (risk level, owner, impact, description, mitigation, etc.).
* Initiate & support the annual review campaign of all Shadow IT situations and associated risks across the organization.
* Organize with relevant stakeholders the assessment/analysis of identified Shadow IT (e.g., impact, mitigation).
* Organize the validation of IT risk cards linked with Shadow IT assessment.
* Organize compliance with the company's Risk Management process.
* Collect and centralize reported Shadow IT situations and challenge them with relevant stakeholders.
Reporting
* Follow the KPIs defined for Shadow IT (risk level, owners, SPOCs).
* Report on risks and action plans to top management; raise alerts if needed.
* Participate in the Business Line Risk committee to share inputs about Shadow IT and associated risks (risks stored in the Risk Register, level of risks, impact).
Technical Skills
* Risk monitoring (knowledge in risk management: ability to identify, alert and suggest remediation).
* Risk analysis (ability to anticipate/analyze threats and create risk scenarios) and risk opinion (ability to challenge, approve and decide on new activities, projects).
* Internal audit knowledge (knowledge of the audit process and methodology).
* IT knowledge (global knowledge of IT, its major processes and assets & solutions) and cybersecurity (general knowledge in cybersecurity risks, frameworks and requirements).
* Regulatory (general knowledge in IT and cybersecurity regulatory frameworks) and Compliance (global knowledge of compliance, its major processes or regulatory framework).
Qualifications & Seniority
* Senior level preferred; Mid-Senior level is acceptable as per requirements.
* Employment type: Full-time.
* Job function: Information Technology.
* Industries: IT Services and IT Consulting.