IT Operational Risk Analyst

Summary of Position

IT Operational Risk Analyst will be reporting to the IT Operational Risk manager. The candidate will participate and contribute to ensure IT operational Risks function fully meet its objectives and requirements in ISAP. IT Operational Risk Analyst identifies, assesses, and mitigates risks arising from internal processes, systems failures, or human errors, helping ISAP preventing losses; ensuring business continuity; and safeguarding against issues like cyber threats, system failures, and process gaps by monitoring risks, developing 2nd level of defense controls (supervisory controls), and collaborating with stakeholders to implement risk management framework and 1st level of defense controls (operational controls).

Main Responsibilities

Risk Oversight & Governance

Provide risk management oversight and support for management.

Support the IT Operational Risk manager in managing regular governance committees by preparing relevant risk reports and highlighting key issues and trends in the risk dashboard.

Implement the risk and control framework to ensure effective risk management.

Risk Assessment & Reporting

Manage ongoing and yearly risk assessments, attestations, and reporting activities.

Coordinate the implementation of operational risk assessment and supervision of 1st line of defense.

Self-Assessments & Control

Facilitate and coordinate self-assessment activities such as Risk & Control Self-Assessment and Regulatory Self-Assessment.

Conduct independent controls of 1st level of defense to complement control monitoring as 2nd level of defense, attestations, and review/reporting of regulatory compliance breaches and operational risk incidents.

Support operational teams in risk assessment and control plan review.

Audit Management

Contribute to audit management activities including pre-audit checks, fieldwork, and coordination with audit teams during and after audit engagements.

Risk Monitoring & Issue Tracking

Proactively identify risks by monitoring technology performance in risk and compliance management.

Track resolution of issues arising from regulatory breaches, operational incidents, special reviews, audits, and inspections.

Risk Culture & Awareness

Provide training and support to strengthen risk culture and awareness within the organization.