let’s make something together

Give us a call or drop by anytime, we endeavour to answer all enquiries within 24 hours on business days.

Find us

PO Box 16122 Collins Street West
Victoria 8007 Australia

Email us

info@domain.com
example@domain.com

Phone support

Phone: + (066) 0760 0260
+ (057) 0760 0560

Technology Controls Manager

  • By Sylwia Lupa
  • 19 July 2021
  • 307 Views

The candidate will join one of the biggest banking institutions in the world.

This role is CCO Technology – Technology Controls Manager – Cloud, and provides support to Global Cloud Services. The role holder will play a key part in the CCO Technology – Cloud team, primarily responsible for Cloud Control Reviews, Framework and Governance processes, along with MI &reporting (provided to management, stakeholders &customers), across all cloud platforms.

A key contributor within the Global Chief Control Officer (CCO) Function that directly supports the Group’s Chief Operating Officers (COO) within the company, one of the world’s largest banking and financial services organisations. The purpose of the CCO function is to enable their colleagues within Operations, Services and Technology (HOST) to deliver a safe and secure service to all their customers, colleagues and the Bank itself.

This role will provides expertise in relation to Technology’s management of its control environment within the context of the Operational Risk Management Framework. Global Cloud Services in the Cloud First strategy the company have adopted a “Cloud First” strategy in order to meet the growing market demand for speed to market, delivery flexibility and staying competitive in an increasingly challenging marketplace. The strategy is driven by a focus on business value, key focus areas being:

  • Delivering improved capability – the company will be leveraging the Cloud Service Provider (CSP) technologies that the company would not have been able to provide internally at an equivalent speed, cadence, cost or quality.
  • Increasing delivery flexibility – benefit from CSP elasticity and dynamic scaling of immediately available near infinite capacity, providing a cost effective edge in a rapidly changing and increasingly competitive market.
  • Transforming their Cost Model – adopt a flexible on demand consumption based model, leveraging lower available pricing for commodity services freeing up funding to focus on higher value propositions.

Their Cloud First strategy has well established design principles, focussed on extracting the highest value from the cloud market with its associated resilience and security:

  • Each major Cloud provider is playing a defined role within a multi-Cloud architecture.
  • They are using geographical distribution for resilience and reduced latency, retaining control of the physical location of systems and data.
  • Open standards and common technologies are prioritised to support contingency plans for key services.
  • They are employing native Cloud services where appropriate to provide enhanced capabilities.
  • They are protecting their data from attack and unauthorised access through market leading defence in depth, encryption and access management controls.

An integrated Global Cloud organisation
To support their ‘Cloud First’ strategy, they have established a “Global Cloud Services” (GCS) organisation within Group IT. GCS is led by Ian Haynes who reports into Dinesh Keswani (CTO) and then Group CIO.

Their  multi-cloud model
They are engaged with multiple global Cloud providers – Google (GCP), Amazon (AWS) and Microsoft (Azure) to leverage their individual capabilities across geographic coverage and, to provide them with contingency options in the event of a failure of any one Cloud provider.

These are transformational times in the company as they build a market leading team in cloud adoption.

Principal Accountabilities
The primary objectives of the role is to:

  • Assist the Cloud Control management team with the continued development and evolution of the cloud control framework and governance processes, including underlying toolsets.
  • Production of monthly CEMM material, along with MI and reporting to management, stakeholders, and customers.
  • Have a good understanding of Operational Risk, particularly the key role played by Technology.
  • Assist with cloud-related audit (internal and external) and risk-related regulatory engagement.
  • Provide support on initiatives to drive improvements to the Technology control environment, including the effective design of material controls.
  • Partner with the Global Cloud Services team to create effective design, analysis and remediation of control measures
  • Provide risk and controls advice and guidance to the Global Cloud Services and GB/GF teams deploying to Cloud.
  • Provide advice, guidance and assessment of application of policies, control standards, and procedures.
  • Member of relevant governance forums, Audit and regulatory reviews etc.
  • Advocate the desired behavioural changes across the CIO community required to mature the understanding and management of technology risk controls.

Impact on the Business/Function
Control Expertise

  • Explaining and facilitating effective design, analysis and remediation of control measures.
  • Support Technology with the effective design and efficient operation of controls.
  • Share risk management and controls operations in line with Operational Risk Management Framework.
  • Identify and raise awareness of emerging risks and threats and
  • deficiencies with deployed key controls.
  • Monitoring and analysing control measures to inform opinions on control environment, form risk assessments, provide advice on remediation plans.

Governance

  • Contributing to risk governance activities ensuring all stakeholders are able to have visibility of key risks and remediation activity.
  • Monitoring MI and reports to ensure Technology remains within its risk appetite.
  • Supporting Technology to design and deploy key controls, key control indicators, evidence requirements and tools to ensure control effectiveness.
  • Validating control measures include RCA, KRIs, KCIs, control operation, test approaches, reviews, audits, judgment based attestations, supplier audits, sampling of supplier procedures

Customers / Stakeholders

  • Work closely with GB/GF stakeholders and ensure visibility of key risks and remediation activity necessary to appropriately manage the Banks services and data in a Cloud computing environment.
  • Assist with the ongoing assurance to external regulators and auditors as to the rigour of the control environment managed by the company with key vendors and suppliers over the extended Cloud computing environment.
  • Partner with key core cloud migration project teams and stakeholders across Technology and business division to help implement the control requirements and provide ongoing assurance of controls effectiveness.
  • Present complex Cloud issues confidently and concisely to Technology and HOST stakeholders using non-technical easily understood language.
  • Partner with 2nd &3rd LOD including Information Security Risk, Operational Risk, Compliance, ISR, and Audit

Leadership &Teamwork

  • Role model a positive internal risk and control culture across Technology teams and shape the climate, tone and environment in which people work.
  • Make considered decisions that protect and enhance the company’s values, reputation and business.
  • Support the execution and remediation of thematic reviews / investigations / compliance reviews in response to internal or external events within Technology.

Operational Effectiveness &Control

Apply and critique Risk & Control Framework by:

  • Working with Technology to define and apply Technology Risk & Control standards and processes in order to drive consistency across.
  • Partner with Technology to identify, measure, mitigate, monitor and report Technology’s top risks (including new/emerging top risks).

Apply and critique definition and application of policies, control standards and procedures by:

  • Working with Technology to influence definition of policies and control standards.
  • Implementing clear policy framework across dispensations and waivers.
  • To share best practices and enhance the control framework and contribute towards reduction of findings noted in Group Audits, Internal Control reviews, 2LoD reviews, etc.

Knowledge & Experience

  • Good knowledge of technology controls &governance processes.
  • Open personality with effective communication skills.
  • Coordinate with colleagues and key stakeholders in an international team.
  • Organisation of presentations, trainings, workshops.
  • Planning and project management skills.
  • Ability to work independently with limited supervision.
  • Communication – ability to present complex issues confidently and concisely to Technology and HOST Senior Executives and other key stakeholders using non-technical easily understood language.
  • Make considered decisions that protect and enhance the company’s values, reputation and business.
  • Proven experience undertaking assessments of controls.
  • Appropriate Risk, Audit, IT Security qualifications desirable.

Note: Prepare your CV in English (PDF), fill in the form, and apply!

Please include in your CV the following clause necessary for the recruitment process:

“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Technology Controls Manager position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”

* - required

To apply for this job email your details to sylwia.lupa@dotcommunity.eu