The Senior IT Risk Manager will be responsible for overseeing SG’s Risk Management Program as defined by SG America’s Technology Department, the SG worldwide Technology Department, as well as the Enterprise Risk Committee and the CIO.
Day-to-day responsibilities include, but are not limited to:
- Provide oversight to ensure that there are clear remediation plans and prioritization of effort for the issues identified in risk assessments.
- Track and report on risk identification efforts by Internal and External Auditors, and provide visibility on all audit points related to risk.
- Provide subject-matter expertise on Vendor Risk Management and Sourcing.
- Lead, oversee and collaborate with internal teams to align our operational activities with IT risk assessment and risk treatment best practices.
- Contribute to IT Risk Strategy globally and lead specific domains as necessary.
- Write policies and procedures for core areas, as well as functional specifications, and map those requirements and specifications to IT Risk needs.
- Oversee teams to gather, analyze, document, and validate the IT Risk needs of the Technology stakeholders.
- Establish strong relationships with business partners, Regulatory Oversight & Cyber Security, Risk, Audit and the COO.
- Partner with Internal Audit and External Auditors to track and manage audit points assigned to the Technology Divisions.
- Procure technical assistance for Technology stakeholders in resolving problems with our risk tools, including but not limited to GPS (permanent supervision tool) and KART (Audit reco tool).
- Oversee teams to provide reporting support for all risk-based reporting by IT, including the Quarterly Enterprise Risk Committee report, Quarterly FCM Risk report, Application Heat Map and Monthly Key Indicators Dashboard.
- Investigate, resolve and escalate problems as necessary.
- Promote a thorough understanding of IT Risk roles, processes and activities among the business units, including leading training and awareness sessions.
- Collaborate with the Risk Department to help assess risk appetite and define/redefine appropriate risk thresholds and limits
- Manage risk related projects and coordinate with the different risk functions
- Interface with all the bank’s regulators on matters relating to IT and Operational Risk
- Manage IT Risk metrics and a KRI Dashboard
- Partner with applicable departments to strengthen our Risk Control Self-Assessment (RCSA) program
SG, which has its world headquarters in Paris and its regional headquarters for the Americas in New York City, has numerous branches, representative offices, subsidiaries and affiliates located in more than 75 countries. In the United States, SG offers a full range of investment and commercial banking, treasury, financial advisory, execution and industry services. It currently maintains branches, agencies and other offices in New York City, Jersey City (New Jersey), Boston, Chicago, Dallas, Houston, Montreal, Toronto, and São Paulo. SG’s Technology Division is responsible for providing IT services to all offices in the Americas.
In today’s landscape, a focus on Risk Management (Identification, Measurement, Mitigation) is paramount to a successful operating model. The IT Risk Management team needs a Senior Risk Manager to direct its activities related to IT risk and strategic oversight, and to liaise with other teams within SG to manage its activities related to IT Risk. This role will report to our Chief Information Risk Officer & Head of Technology Risk, a First Line of Defense function.
Our IT Risk Management program, which is an important component of our Operational Risk Management program, can be described in the three steps below, all of which fall under the operating domain of this role:
- Risk Identification – Oversee, manage, support, report on and provide transparency of the Risk Identification process, including oversight of the Annual Risk Assessment, the Technology divisions’ Annual Risk Control Self-Assessments (RCSA), and the Information Systems Security Program (ISSP) led by the Regulatory Oversight & Cyber Security Group (ROCS).
- Risk Measurement – Using the standards and methods defined by the ROCS Group and the Enterprise Risk Committee, design and oversee processes for the collection, analysis and dissemination of the data needed to measure risk, including outages (incidents, problems), outage time, outage resolution, operational financial losses, and other IT Risk parameters.
- Risk Mitigation – SG has a comprehensive program to define its annual priorities for investment in IT and Information Security. The IT Risk team will be responsible for liaising with the relevant actors, local and global, to help shape and define the priorities specific to the IT Americas area. The prioritization will use a risk-based approach to be developed by the Senior IT Risk Manager.