Description
A leading international bank is looking for an enthusiastic IT Risk/OCD Officer. As part of the Squad S/Facility Management the IT Risk/OCD resource aligns with 3rd parties to whom IT operations (technical management, hosting, etc.) of an application is outsourced or who owns a SaaS application. He/she helps the 3rd party and shares information on the Minimum Standards/IT Risk controls and requests the evidence that supports the correct execution of the, in the contract described, IT risk & security agreements
In addition, he/she conducts the banks internal OCD activities, aligns with relevant internal Risk departments with regard to the, by the 3rd party, delivered evidence.
* Collects and registers OCD related evidence material and ensures that OCD remains up-to-date
* Assesses certificates (like ISO) and Service Organization Control (SOC)/Audit reports, received from 3rd party, involving 1st Line of Defense Risk and prepares a concluding in control statement to be approved by 1st/2nd Line of Defense Risk and Asset Owner
* Conducts 3rd party site visits/audits, together with Service Manager, if and when appropriate, such to be decided by the Service Manager
Profile:
* Knowledge of banking IT Risk controls
* Understanding of ISO 27001, SOC 2 type 1 & 2; being able to apply them in practise
* Preferably experienced in the CISM domain
* Knowledge of infra and SAAS applications
* Experience with supplier management
* Good communication skills
* Dutch/English speaking