Senior Manager, Non-Financial Risk - Information and Technology Risk, CIB

19 Apr 2024

Vacancy expired!

This role is required to provide operational support and oversight of the management and mitigation of significant operational risks and vulnerabilities that may arise within Systems and Technology; and Information Risk (including Privacy) processes in the global Corporate and Investment Banking (CIB) Business.

The candidate will be a material influencer in the identification, evaluation, and assessment of risks and vulnerabilities in the CIB technology and information risk ecosystem, and advise on the adequacy of process, risk, and control measures.

This role will provide oversight through advocacy, identification of control weaknesses and recommendations for improvement opportunities, training and reporting of risk issues.

The candidate will be the trusted risk management partner that equips the CIB business heads and Chief Information/Technology; Data and IT Security Executives and their units, with the tools to identify, assess and mitigate the financial, reputational, regulatory, and client impact of information and technology risks that confront the business.

Key Responsibilities:

Information and Technology (IT) risk strategy and framework development and deployment

  • Support the development of Information and Technology Policies and Standards that are fit for purpose to the CIB business, including frameworks, programs, risk taxonomies, and tool kits.
  • Support the cascading and embedding of Group-wide Non-Financial Risk, Information (including Privacy) and Technology Risk Policies and Frameworks into core CIB business and technology units globally.
  • Assist in the research on best practices leveraging expertise and industry insights, including analysis of IT risk data from various sources (e.g. external events, control deficiencies, risk register) to identify and measure levels of information and technology risk, concentration, trends and patterns.
  • Support corporate-wide IT, Information (including Privacy) risk awareness, culture, and influence within CIB, including rollout of business unit IT risk training programs.

Assess and Optimise the IT & Information risk profile in the CIB Business

  • Support execution of IT & Information risk and control self-assessments (RCSA), and ensure that the scope, discipline and culture in surfacing the key risks (infrastructure, applications, third parties, cyber security, resilience, etc.) that the business faces in its operations are robust.
  • Support the independent quality assurance (QA) activities over RCSAs and ACAs to ensure that risk/control assessments are adequate.
  • Partner with the Business, IT Security, Technology and Non-Financial Risk Management teams, and other related parties to ensure that action plans, policy and procedural changes for risk acceptance, avoidance, transfer and/or mitigation are appropriately considered to address vulnerabilities identified from risk assessments.
  • Support the monitoring of the evolving risk position of new technologies (robotics, AI, Cloud initiatives, blockchain, etc.), for each of the technology areas in focus, tracking the individual risk logs and resolution plans, to minimize potential losses and other impacts.
  • Contribute to the development of a risk and control culture in the business through knowledge sharing and creating awareness, including best practices for minimizing information and technology risk losses.

Effective IT & Information Risk monitoring and impact/loss prevention

  • Monitor appropriateness of Information and IT incident reporting and perform ongoing analysis of Non-Financial Risk impact and losses, near misses and external events to inform risk assessments and better scenario and resilience planning and exercises.
  • Assist with the investigation of material Non-Financial Risk incidents/events, and the determination of appropriate consideration of remedial measures and lessons learned.
  • Enable the development, review, monitoring and analysis of Information and IT key risk indicators (KRIs). Ensure KRI thresholds are relevant, and breaches are adequately addressed (e.g. escalation and resolution), in collaboration with other control functions (e.g. Audit and Compliance).
  • Contribute towards executive level reporting, metrics, scorecards and dashboards to support risk-informed business decisions, and recommend strategies that effectively help maintain risks within the agreed appetite and impact on the bank’s clients and stakeholders.

  • ID: #49734078
  • State: South Carolina Johannesburg 00000 Johannesburg USA
  • City: Johannesburg
  • Salary: USD TBD TBD
  • Job type: Full-time
  • Showed: 2023-04-19
  • Deadline: 2023-06-18
  • Category: Et cetera