Ameriabank CJSC

Job description:

The incumbent will be responsible for management of IT and IS risks, digital products and projects risks in the scope of Agile Transformation: identification, assessment, analysis, monitoring/control and reporting.

/en/it-risk-management-chief-specialist

Job responsibilities

• Collaborate with IT teams, Chapters, Tribes, Squads on designing and building secure infrastructure, network, applications, systems and digital products that are compliant with applicable regulations and industry security requirements, digital products and project risk identification and assessment, treatment monitoring and reporting
• Perform risk assessments, proactively identifying emerging risks and implementing mitigation programs
• Collaborate with departments, Tribes/Squads to detect, manage and mitigate risks across functional lines
• Tailor the risk management strategy and framework to the unique needs of digital products
• Contribute to the design and implementation of enhancements for internal controls such as segregation of duties, change management, access management, IT operations, workflow, and application configuration, etc.
• Evaluate new supervisory requirements, create and improve the IT risk governance framework, best practice implementation
• Perform quantitative and qualitative analysis and assessment of IT risks to determine the likelihood and impact of an identified risk
• Perform targeted risk assessments and provide recommendations to Control Owners
• Perform IT risk mitigation actions and control set up and monitoring, evaluation of their risk mitigation efficiency
• Lead and engage with the business to identify risks and lead the implementation of risk mitigation plans to address cyber risks
• Develop risk stress scenarios, status reports and key metrics to support the IT Risk function
• Perform IT risk loss events and IT incidents’ database management and analysis, treatment, monitoring and reporting
• IT risk related insurance materials, contracts risk review and evaluation
• Supporting the on-going development and improvement of IT and IS Risk Management and Oversight Program
• Keep apprised of emerging risks, regulatory changes, and industry best practices related to IT and IS risk management
• Other duties and projects as assigned by the management

Required qualifications

• University degree in computer science, finance, economics or other related field
• At least years of work experience in IT (programming or IT systems administration) and IT Security spheres, IT and Operational Risk Management
• Knowledge of common security frameworks (NIST, ISO, COBIT etc.)
• Knowledge of application and data technologies
• Experience with change management processes, production controls, and complex systems
• Ability to communicate security and risk-related concepts to both technical and non-technical audiences, at all levels of the organization
• Knowledge and practice of enterprise IT systems architecture (platforms, networks, applications, databases and operating systems)
• Knowledge of information security concepts and principles, including confidentiality, integrity and availability of information
• Practice and experience of risk assessment methodologies (statistical analyses, scoring, self-assessment, vulnerability assessments, penetration tests, risk transfer, etc.), stress scenario development, risk control and mitigation approaches, analysis techniques (gap, cost-benefit, root cause), BI reporting; proficiency in Microsoft Office (Excel, Word, Outlook) and AS Bank 4.0
• Excellent knowledge of Armenian, Russian and English
• Ability to work independently and as part of a team
• Communication and team-player skills, ability to cooperate
• Creative thinking, consultation skills
• Commitment to work and high sense of responsibility

Required candidate level: Not defined

Additional information