Empresa:

Inetum

Descrição da Função

Mission

Shadow IT (eg. IT outside the IT governance) is a risk for any organization and even worse for regulated companies like banks.

Role for our client as Risk officer for Shadow IT is to ensure this risk is properly managed.

To do so, there is a need to manage a global inventory referencing all shadow IT usage with their resulting IT risks and for this portfolio the shadow IT risk officer is in charge of liaising with business teams to identify new or evolving Shadow IT situations, challenge content declared data completeness and consistency but also provide support and coordination during assessment and validation.

Finally,you will ensure follow-up of related KPI and KRI to be able to perform the reporting about these risks to the top management.

Main Tasks

Maintenance of the Shadow IT portfolio:

• Regularly Update existing or new Shadow IT situations (risk level, owner, impact, description, mitigation )

• Initiate & support the annual review campaign of all Shadow IT situations and associated risks across the organization

Support Risk Assessment

• Organize with relevant stakeholders the assessment/analysis about identified Shadow IT (e.g.: impact, mitigation )

• Organize the validation of IT risk cards linked with Shadow IT assessment

• Organize the compliance with the company's Risk Management process

• Collect and centralize reported Shadow IT situations and challenge them with relevant stakeholders

Reporting

• Follow KPI defined for Shadow IT (Risk Level, owners, SPOCs )

• Perform a reporting about risks and action plans to the top management, raise alerts if needed

• Participate to the Business Line Risk committee to share inputs about Shadow and associated risks (risks stored in Risk Register, level of risks, impact )

Profile

Technical Skills

• Risk monitoring (knowledge in risk management: ability to identify, alert and suggest remediation)

• Risk analysis (ability to anticipate/analyze threats and create risk scenario) and Risk opinion (ability to challenge, approve and decide (new activities, projects )

• Internal audit knowledge (knowledge of the audit process and methodology)

• IT knowledge (global knowledge of IT, its major processes and assets & solutions) and Cybersecurity (general knowledge in cybersecurity risks, frameworks and requirements)

• Regulatory (general knowledge in IT and cybersecurity regulators framework) and Compliance (global knowledge of compliance, its major processes or regulatory framework)

Language Skills

• English

Observações

Porto (Portugal)