Jobsxl | Total Jobs Online

Purpose of Job

The focus of the role is to support the IT Department’s ability to control and mitigate its operational and project related risks and relevant internal controls, as well as the implementation of external and internal audit recommendations.

Supported by the Principal, IT Risk Management, the role is responsible for co-ordinating relevant risk assessments, enforcing associated mitigation and identifying additional provisions or processes where required to satisfy newly identified risks. The risks relate to operational risks, which will require working through with the relevant management team owner, as well as project related risks. The role will provide insight and guidance to managers on the relevant processes and provide assurance to managers that adequate actions and standards are in place, as well as necessary challenge on solutions and progress.

Accountabilities & Responsibilties

The Associate, IT Risk Management will work within the IT Risk Management team with a focus on improving and streamlining IT’s internal controls and ensuring their correct execution and annual testing. The role will also be involved in the management of the implementation of external and internal audit recommendations. Working closely with managers who are involved in the internal control processes or with the implementation of agreed recommendations from external or internal audit reviews.

Internal Controls Framework:

The IT department operates a number of Internal Control as part of the banks Internal Control Framework (ICF). The Associate, IT Risk Management will be responsible for:

Working with IT teams to identify and implement improvements to the design and operations of their ICF controls.

Working with IT teams to resolve ICF control failures, tracking progress of actions arising from ICF control failures.

Quarterly testing of ICF controls for design and operating effectiveness for review by the Principal, IT Risk Management.

Supporting the Principal, IT Risk in providing to challenge to second and third lines of defence to ensure IT control and actions are relevant and appropriate according to their associated risk profile

IT Risk Framework:

An IT Risk framework is in place within the IT department in order to capture, manage, monitor and report on IT risks. The Associate, IT Risk Management will be responsible for:

Maintaining and enhancing the IT Risk Register, working with risk owners to identify new risks and determine appropriate treatment options.

Producing risk reports to various stakeholders and committees.

Co-ordinating updates into the Operational Risk Register, cross-referencing the IT departmental risk register with the Banks central risk register OneSumX.

Working with project teams to identify IT operational risks and determine appropriate treatment options.

Internal/External Audit:

The bank’s IT department undergoes a number of audits throughout the year from both the Internal Audit team as well as external audit team. The Associate, IT Risk Management will be responsible for:

Working with IT teams in preparation to internal audits, including assisting in reporting self-identified issues and agreeing actions plans to treat the issues.

Tracking progress of actions assigned to IT teams and producing action progress reports.

Acting as a point of contact with external auditors, agreeing activities and challenging identified actions where appropriate.

Working with IT teams to provide evidence requested to external auditors and aligning where possible with existing controls.

Knowledge, Skills, Experience & Qualifications

Knowledge and Experience

The Associate, IT Risk Management is experienced in IT and Information Security Risk Management, with a solid understanding of risk frameworks, best practice within an IT environment.

• Bachelor degree, or relevant experience, displaying knowledge and understanding of computer information systems, general controls, information technology infrastructure and information security.

• Strong understanding and working knowledge of information security standards and laws (e.g., ISO 27001/27002, COBIT, NIST, etc) and associated qualifications (e.g. CISSP, CISA, CISM, etc), and commonly used concepts, practices and procedures within the IT Risk and security field.

• Extensive knowledge of industry good practice across various sectors including the financial, commercial and ideally public sectors.

• Ability to read, understand and analyse highly complex regulatory and control information and develop or modify policies or programs to ensure organizational compliance.

• Excellent oral and written communication skills to interact effectively with executive management, internal and external clients.

• Strong organisational skills.

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

The EBRD environment provides you with:

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;


• A working culture that embraces inclusion and celebrates diversity;


• An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank’s core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.

Job Segment: Risk Management, Internal Audit, Information Security, Compliance, Sustainability, Finance, Technology, Legal, Energy