Senior Technology Risk and Controls Officer (TPRM)
Do you thrive working with different tasks and problem-solving? Can you work with many different levels of stakeholders? By joining us in this role, you will contribute to Third Party Risk Management (TPRM) within the Bank.
The Technology Risk and Controls (TRC) risk management organization drives the institutionalization of Technology Risk Management disciplines in the Group, with the aim of providing a transparent view of Danske Bank’s IT risk posture at any given time.
We are looking for a motivated colleague to join the Technology Risk Assessments (TRA) team, under the TRC department, where we provide Information Technology and Security risk management services. Our aim is to ensure a risk-based approach to new services and technology solutions in accordance with the Enterprise Risk Management framework. We partner with technology and business units daily and operate in a customer-centric service organization structure.
Depending on your experience and knowledge, we may offer you different seniority for the role.
- Facilitate and conduct Technology Risk Assessments workshops with technology and application service owners, primarily focussing on Third Parties
- Ensure risk management policies are adhered to, facilitate related reviews and identify gaps and remediation plans in conjunction with policy owners
- Focus on the end-to-end lifecycle of TPRM (identification, assessment, response, review, monitoring, retirement, reporting)
- Support Third Parties in identifying, evidencing and maintaining their technology-related risk management activities, including business continuity planning, exit strategies and other elements of the newly introduced TPRM Strategy within The Bank
- Prepare regular and ad-hoc reports on technology risk posture as it relates to third parties for various stakeholders
- Work in close collaboration with cross-functional subject matter experts and stakeholders across the group
- Act as a risk ambassador within the organization by promoting a risk-conscious culture
- 5+ years’ experience in IT Risk Management, TPRM, Outsourcing (Vendor) Management or equivalent (e.g., Procurement and/or Legal with focus on outsourcing)
- Good knowledge of regulatory requirements within the financial sector in EU (e.g., GDPR, DORA, EBA guidelines on outsourcing arrangements, etc.)
- Working familiarity with IT controls frameworks (e.g. ISF Standard of Good Practice, NIST CSF, ISO27001, PCI DSS or similar)
- Familiarity with IT risk treatment decision and mitigation processes
- Solid analytical and communication skills with the ability to work under time pressure
- Approachable, pragmatic self-starter who collaborates easily with others to make things happen
- Upper-Intermediate English skills
We will consider as a bonus:
- IT risk and control assessments experience on services, applications, infrastructure components, etc.
- Professional certifications related to technology or risk management (for example, CISM, CISA, CRISC, CISSP, ISO 27001 Lead Implementer, ITIL, COBIT)
We will ensure that the exact salary offered to you is based on your qualifications, competencies, professional experience and the requirements for the corresponding job function (salary range from 3440 EUR to 5160 EUR gross per month).
Your title in the job contract will be Officer - Business Risk & Controls (Officer, Technology Risk and Controls), Senior.