Job Detail
- Job ID 13809
- Offered Salary 2001
- Career Level Manager
- Experience 8 Years +
- Industry Finance
- Qualifications Master’s Degree
Job Description
Job Description – IT Risk Officer
1. Job Title
IT Risk Officer
2. Department / Reporting Line
- Risk Management Department / IT Risk Management Unit
- Cross-functional collaboration with IT Department, Internal Audit, and Compliance
3. Main Mission
Ensure the implementation, monitoring, and continuous improvement of the IT risk management framework in compliance with COBAC Regulation 2024, international standards (ISO 27001, NIST, PCI-DSS), and NFC Bank’s internal policies. The officer is responsible for identifying, assessing, monitoring, and mitigating IT-related risks to guarantee security, availability, integrity, and regulatory compliance.
4. Key Responsibilities
- Continuously identify and assess IT risks (cybersecurity, infrastructure, applications, business continuity, outsourcing, etc.).
- Implement and maintain the IT risk mapping in accordance with COBAC requirements.
- Ensure compliance with regulatory requirements for IT risk and security management.
- Define, monitor, and update IT risk indicators (KRIs) and mitigation plans.
- Contribute to the development and implementation of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
- Maintain a regulatory and technological watch on IT risk management standards and practices.
- Produce periodic reports for the Risk Management Department, Executive Management, and supervisory bodies (COBAC, BEAC).
- Participate in crisis simulation exercises, recovery tests, and internal/external audits.
- Raise awareness among bank staff on IT and cybersecurity risks.
- Assess risks related to vendors and outsourced services (vendor risk management).
5. Profile Required
Education
- Master’s degree (Bac+4/5) in Computer Science, Information Security, Risk Management, Audit, or equivalent.
- Professional certifications are an asset: CISA, CRISC, ISO 27005 Risk Manager, ISO 27001 Lead Implementer/Auditor.
Experience
- Minimum 3 to 5 years of proven experience in IT risk management, IT audit, or cybersecurity (preferably in banking/financial sector).
Technical Skills
- Strong knowledge of IT risk management concepts (identification, assessment, mitigation, monitoring).
- Good understanding of COBAC regulatory requirements.
- Knowledge of international frameworks and standards: ISO 27001, ISO 27005, NIST, COBIT, PCI-DSS.
- Expertise in cybersecurity, vulnerability management, business continuity (BCP/DRP).
- Proficiency in risk monitoring and reporting tools (Excel, Power BI, GRC tools).
Behavioral Skills
- Strong analytical and synthesis skills.
- Rigor and high sense of confidentiality.
- Ability to work in teams and across departments.
- Excellent written and oral communication skills.
- Proactive and solution-oriented mindset.
6. Reporting Line
- Reports to the Head of Risk Management / Chief Risk Officer (CRO).
- Frequent interactions with the CIO, Information Security Officer (ISO), Internal Audit, and the Executive Committee.
7. Key Performance Indicators (KPIs)
- Regular updates of the IT risk mapping.
- Coverage rate of identified and mitigated IT risks.
- Compliance with COBAC regulatory reporting deadlines.
- Number and relevance of recommendations implemented following audits/inspections.
- Level of staff awareness on IT and cybersecurity risks.
