- Organization: AIIB - Asian Infrastructure Investment Bank
- Country: China
- City: Beijing, China
- Office: AIIB HQ Beijing
Closing date: Monday, 9 April 2018
IT Specialist/Senior IT Specialist
The Specialist is responsible for establishing and maintaining AIIB's IT risk management, which is designed to ensure that AIIB's IT investment, IT-dependent strategic business objectives, IT systems and information assets are adequately protected.
As the process owner for all of AIIB's IT-related risk, the Specialist is envisioned to become more than simply a technology and controls expert. The job focuses on managing information risk to levels acceptable to AIIB in order to meet business goals. The selected Specialist will be involved in a variety of IT activities, from strategic planning, IT service process design and control testing to setting up tools for governance, risk management and compliance.
The selected Specialist will work in a start-up, fast-paced, rapidly changing work environment. The Specialist will have the opportunity to drive IT process design from a risk perspective. The Specialist will be exposed to cutting-edge cloud technology and multilateral development banks' business requirements where technical, analytical and consulting skills are expected to be honed.
Responsibilities:
- Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
- Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
- Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently at appropriate times.
- Identify and assess risks to AIIB's information database.
- Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on AIIB's risk appetite.
- Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
- Facilitate the integration of information risk management into business and IT processes (e.g., project budgeting, systems development, procurement, project management) to enable a consistent and comprehensive information risk management program across the organization.
- Monitor for internal and external factors (e.g., key risk indicators [KRIs], threat landscape, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing or new risk scenarios are identified and managed appropriately.
- Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
- Ensure that information security risk is reported to senior management to support an understanding of potential impact on organizational goals and objectives.
- Manage the IT risk and internal control program as the first line of defense and act as a liaison between IT and internal control, internal/external audit, risk management and compliance.
- Conduct risk analysis on technology and business processes and provide guidance and subject matter expertise for business and IT on the adoption of a technology to support business needs.
- Write policies, directives, administrative guidelines and procedures on IT risk and controls, and gain approvals for such outputs.
- Implement tools for governance, risk management and compliance.
Requirements:
- Intensive technology risk experience within investment banking or other financial institutions (previous experience within an IT risk group or experience with COSO framework would be an advantage; other complementary experience would include IT Audit and Compliance).
- Possess solid domain competencies in a number of IT-risk-related disciplines, including security, business continuity management, privacy and compliance.
- Deep experience in managing IT operational risk.
- Significant experience in preparing and delivering executive-level presentations; excellent written and verbal communication and presentation skills with the ability to explain complex concepts; fluency in oral and written English is a must.
- Experience with a governance, risk management and compliance (GRC) tool is highly desirable.
- Minimum five years of relevant IT experience or equivalent; minimum 8-10 years for Senior IT Specialist in an international organization or multinational corporation.
- Master's degree equivalent or higher in related fields from a reputable university.