Description
IT Vendor Risk Management Analyst
The mission is within the Corporate Technology (CT) division delivering IT shared services related to application hosting, end-user services and infrastructure support to the business entities - the CSDs of the group.
The CSDR outsourcing working group is a cross-divisional team including CSD representatives, Corporate Procurement, Legal, Risk and Compliance, IT divisions and others.
The position is part of the CT Service Strategy CSDR project team who represent the CT division in the CSDR outsourcing working group. CT's scope in this working group is focused on the compliance of CT's 30+ Critical Service Providers (CSP), which are mainly IT vendors (infrastructure hardware/software/Middleware and network suppliers).
Role:
You will be working in the CT CSDR project team to deliver and support CT's required contribution to the CSDR outsourcing cross-divisional working group, along several key dimensions:
The challenge is to transpose the CPMI-IOSCO guidelines to the context and to apply them taking into account the specific nature and products/services of CT's CSPs while ensuring that this new risk assessment exercise does not remain a one-off initiative but is turned into a formal repeatable and sustainable practice in the CT organisation.
Since the new CSD regulation is requiring a formal and explicit oversight, risk assessment and controls on the CSPs, you will be expected to deliver a systematic and standardised documentation providing a comprehensive articulation of the risk assessment in a language that is understandable by both the business and IT.
Profile:
Given the forced/mandatory nature of the initiative and the aggressive time frame imposed to reach full compliance, we are looking for an experienced IT Vendor Risk Management analyst profile, ie:
- Experience (3+ years) in managing service provider/supplier relationships, demonstrating influencing and negotiation skills to align internal and external stake-holders
- Experience in vendor risk management - risk analysis minded, analytical but strategic thinking and logical reasoning, able to articulate risks and mitigating actions in a very clear way
- Interpersonal, presentation and written communication skills in IT and business language, both with technical experts and senior management
- Strong team player with integration skills (joining people and processes), while also demonstrating work autonomy and leadership to define and drive action plans
- Fluency in English is required (French and/or Dutch are a plus)