Information Technology and Security Risk Management ConsultantContractual - Tenders Global

Information Technology and Security Risk Management ConsultantContractual

United Nations Resident Coordinator System (RCS)

tendersglobal.net

JOB DESCRIPTION

Information Technology and Security Risk Management Consultant

Location:

The IDB Group is a community of diverse, versatile, and passionate people who come together on a journey to improve lives in Latin America and the Caribbean. Our people find purpose and do what they love in an inclusive, collaborative, agile, and rewarding environment.

About this position:

The Financial and Operational Risk Division (RSM/FOR) of IDB Invest is looking for a professional with strong risk management background, specifically in operational risk management, to support IDB Invest management to deploy the operational risk management framework and improve internal controls in the business units.

RSM/FOR, part of the Risk Management Department, is responsible for managing financial and operational risks of IDB Invest. The team is divided into three main parts:

  • Portfolio Management and Risk Data: responsible for overseeing the growth of the portfolio, considering concentrations and other risk parameters, providing portfolio risk guidance to the business areas, managing cross-booking allocation and limits, RAROC, Risk Management MIS, reporting and limit controls.
  • Market Risk: responsible for the design, implementation, update, and ongoing execution of the Market Risk Management framework. The team identifies, quantifies and monitors interest rate risk and foreign exchange risk of the balance sheet, and the price risk of the liquid investment portfolio. This area is also responsible for capital management, economic capital and counterparty credit risk management.
  • Operational Risk Management: responsible for assessing and maintaining an appropriate internal control environment, managing a full operational risk framework as a second line of defense.

What you’ll do:

The consultant will support the activities related to the implementation, maintenance, and monitoring the information technology and security risks for IDB Invest systems.

  • Review the risks and information technology controls documentation, guidelines and procedures to evaluate the operational risk management.
  • Review, document and socialize information technology and security risk guidelines and standards for managing and controlling the risks.
  • Provide effective critical challenge of the identification, assessment, treatment, monitoring, and reporting of information technology and data protection and security risks within IDB Invest processes.
  • Review, test, and document the design and effectiveness of the information security, data protection and technology controls implemented in the IDB Invest’s processes, systems, and solutions (built in-house, outsourced, or by third parties).
  • Develop and communicate to the business units the recommendations to mitigate the operational risk identified during the risk assessment and coordinate with the business units the action plans definitions.
  • Review and identify gaps, control deviations, and improvements as well as communicate and monitor the action plans to the interested parties.
  • Review and monitor the implementation activities of ICFR risk assessments in IDB Invest selected processes and systems during the year and prepare the risk reports and indicators.
  • Investigate, monitor, evaluate and report periodically risk, incidents and key risk indicators regarding selected IDB Invest processes and systems.
  • Provide training and awareness regarding information security, and operational risk matters.
  • Review. evaluate, and document improvements regarding the evaluation model for information technology and security risks based on the ITGC and applications controls, COBIT, and NIST best practices and standards.

Deliverables and Payments:

 

Payment (%) Deliverable Description
20% Upon signing the contract
20%* Deliverable #1

 

 

Project documentation review for selected IDB Invest

processes and systems.

IT flowcharts documentation.

IT risk and control description and evidence by risk.

Adjustments and results based on guidelines an

procedures review.

20%* Deliverable #2

 

 

First draft of the preliminary risk assessment of the

selected systems and processes.

Risk and control matrix documentation.

Test procedure documentation and evidence of testing

results by control.

Recommendations, action plans and incident

monitoring documentation.

40%* Deliverable #3 final deliverables related to the risk assessment of the selected systems and processes.

*Payment contingent on the satisfactory approval by IDB Invest

What you’ll need:

  • Education:Master degree in engineering, computer science or other related field. CRISC, CISA, CISM, ISO 27001LA, ISO 27701LA, CISSP, CCSP, CDPSE, COBIT or MCSA certification is preferable.
  • Experience: At least 10 years of relevant professional experience on in IT/Cybersecurity Risk Management, IT auditing, IT systems and Platform administration at a peer institution, regulatory agency, financial services provider or international firms. Experience with IT Policy, Audit, Compliance, Risk and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC1, SOC2, SOX, NIST, COBIT and COSO Frameworks.
  • Languages: Proficiency in English and one of the other Bank official languages (Spanish, French or Portuguese) is required.

Key skills:

  • Learn continuously.
  • Collaborate and share knowledge.
  • Focus on clients.
  • Communicate and influence.
  • Innovate and try new things.

Additional skills:

  • Proficiency with Microsoft tools: Excel, Power point, Visio, Oracle/SQL Server, Python, Toad, Power BI, and Google Analytics.
  • Developing and implementing information security programs as second line of defense.
  • Evaluating the information technology general controls (ITGC), IT SOX, data protection and application controls.
  • Testing key controls of critical financial system infrastructure in a cloud environment and third-party management.
  • Evaluating and monitoring operational risk and ICFR risks.
  • Implementing ICFR best practices and standards related to internal control evaluation over financial reporting.
  • Experience working with datasets and modeling languages, database, automation (for example: SQL, Python, R, JavaScript, and/or Essbase) and providing risk training.

Requirements:

  • Consanguinity: You have no family members (up to the fourth degree of consanguinity and second degree of affinity, including spouse) working at the IDB, IDB Invest, or IDB Lab.

Type of contract and duration

  •  

    Type of contract:Products and External Services Consultant (PEC), Lump Sum

  • Length of contract: 12 months
  • Work Location: Residence consultant.

Our culture

At the IDB Group we work so everyone brings their best and authentic selves to work, willing to try new approaches without fear, and where they are accountable and rewarded for their actions.

Diversity, Equity, Inclusion and Belonging (DEIB) are at the center of our organization. We celebrate all dimensions of diversity and encourage women, LGBTQ+ people, persons with disabilities, Afro-descendants, and Indigenous people to apply.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job interview process. If you are a qualified candidate with a disability, please e-mail us at [email protected] to request reasonable accommodation to complete this application.

Our Human Resources Team reviews carefully every application.

About the IDB Group

The IDB Group, composed of the Inter-American Development Bank (IDB), IDB Invest, and the IDB Lab offers flexible financing solutions to its member countries to finance economic and social development through lending and grants to public and private entities in Latin America and the Caribbean.

About IDB Invest

IDB Invest, a member of the IDB Group, is a multilateral development bank committed to promoting the economic development of its member countries in Latin America and the Caribbean through the private sector. IDB Invest finances sustainable companies and projects to achieve financial results and maximize economic, social, and environmental development in the region. With a portfolio of more than $20 billion in asset management in 25 countries, IDB Invest provides innovative financial solutions and advisory services that meet the needs of its clients in a variety of industries.

Follow us:

https://www.linkedin.com/company/idbinvest/

https://www.facebook.com/IDBInvest

https://twitter.com/BIDInvest

Additional Information


Apply for job

To help us track our recruitment effort, please indicate in your cover/motivation letter where (tendersglobal.net) you saw this posting.

Job Location