
Senior Professional, Information Technology (Governance Risk and Compliance)

Shanghai

  • Organization: NDB - New Development Bank
  • Location: Shanghai
  • Grade: Senior level - Senior
  • Occupational Groups:
    • Development Cooperation and Sustainable Development Goals
    • International Relations
    • Legal - Broad
    • Democratic Governance
    • Information Technology and Computer Science
    • Public Policy and Administration
    • Ombudsman and Ethics
  • Closing Date: Closed

Closing on: July 17 at 11:59 pm (China Standard Time)

Duty Station: Shanghai, China

Target Market: Global recruitment

Job description: Senior Professional, Information Technology (Governance, Risk and Compliance)  

The Information Technology Division, under the Office of the Vice President for Administration, is functionally responsible for developing the Bank's IT strategy, policies and guidelines and operating IT processes and systems. The division leads in the setting up, analysis and review of IT systems, services and solutions in domains of specialization (i.e., Business Applications, Technology Infrastructure, Workspace and Facility, Application Development, Data and Analytics, Information Security, IT Supply and Demand), ensuring that the Bank's IT systems and services are built and aligned with “best in class” industry norms. These systems and services are critical to accelerating and expanding the Bank’s operations, strengthening its reputation as an innovative International Financial Institution (IFI).

The Senior Professional, GRC (Governance, Risk and Compliance) will be responsible for ensuring coherence with internal policies and guidelines, applicable regulations, and industry best practices. The IT GRC senior professional will lead and manage IT GRC projects and initiatives, identify and mitigate IT risks, develop and implement IT policies, guidelines and procedures, and coordinate solutions to resolve audit issues and risk findings. The staff member serves as the focal point for various internal stakeholders, including Internal Audit and Risk Management. The staff member shall also have oversight of Information Security risk, including IT system disaster recovery.

Duties and Responsibilities:

  • Maintain IT risk management framework as first line of defense, conduct IT risk assessments and identify relevant issues and mitigation measures.
  • Oversee, implement and maintain IT policies and controls to ensure conformance with applicable regulations and industry practices.
  • Serve as a subject matter expert on IT governance, risk management, and compliance frameworks such as COBIT, ISO, NIST, and GDPR, etc.
  • Develop and deliver IT GRC training and awareness programs to educate stakeholders on IT risk and compliance requirements.
  • Monitor and analyze industry trends and regulatory developments related to IT governance, risk management, and compliance, and recommend appropriate actions.
  • Lead and manage IT GRC projects and initiatives, including project planning, resource allocation, and progress tracking.
  • Prepare and present IT GRC reports and metrics to Senior Management and other related stakeholders.
  • Collaborate with internal and external auditors and the internal control and risk management unit to facilitate audits and control testing and ensure compliance with relevant requirements and recommendations.
  • Collaborate with stakeholders to understand their needs, negotiate requirements, and present solutions.
  • Identify areas for improvement, analyze business objectives, and develop technology interventions based on rigorous research and prioritization.
  • Design, propose, source, and implement cost-effective, cloud-based solutions aligned with business needs, applying sound business acumen and technology assessments.
  • Coordinate internal resources, lead domain-specific solution design, and ensure high-quality, integrated implementation of technology solutions that align with the organization's business, technology, and control environment.
  • Identify and assemble structured and unstructured datasets from various sources to meet business requirements.
  • Conduct training, workshops, and presentations for business units.
  • Perform other assigned duties and responsibilities.

Target Skill Profile

Substantive Knowledge

  • Demonstrated capacity gained through education and experience in this field reflecting conceptual understanding in an operational setting.
  • Understand the program framework and the integration of different programmatic elements into the project/service portfolio.
  • Develop and execute program plans across a range of well-defined and established programmatic elements aligned with broader organizational objectives.

Communication Skills

  • Demonstrated Skill gained through exposure/experience in relationship management.
  • Excellent written and verbal communication skills in English.
  • Ability to work well under pressure and meet deadlines, demonstrating high motivation, integrity, and responsibility.
  • Strong analytical and critical thinking skills with a meticulous attitude.
  • Ability to multi-task and manage projects in parallel.
  • Exceptional strategic thinking, leading change, problem solving, communication, conflict management and resolution and interpersonal skills with high resilience and drive in achieving objectives and goals.
  • Relevant experience in a multi-cultural work environment fostering a climate of teamwork and collaboration.
  • Advise team on possible impediments to sustaining delivery standards to develop strategies.
  • Engage clients proactively to define expectations/needs and build an informed framework for service delivery.

Execution Skills

  • Demonstrated Achievement in the consistent delivery of programs/services through adaptation.
  • Meet consistently the program delivery standards on timing and the deployment of resources.
  • Meet consistently program delivery standards in terms of quality/relevance.

Requirements

  • A minimum of 7 years relevant experience in Information Security, IT risk management, governance, and compliance frameworks, preferably in a multilateral development bank or regulated private/public sector financial institution, global financial services organization, or large corporate enterprise.
  • Master's degree or equivalent in a relevant professional field from a reputed university. A degree in computer science, cyber security, IT general control and security audit, IT risk management, compliance management, data privacy or related domain is preferable.
  • Ability to objectively critique business processes, scenarios and controls.
  • Possession of security and risk certifications, such as CISSP, CISM, CISA, CRISC, etc. is preferred.
  • Knowledge and experience in security, risk, and compliance frameworks such as COBIT, NIST, ISO, SOX, etc.
  • Good understanding and practical experience working with privacy and legal requirements, such as GDPR, PIPL, data security, sanction, embargo, etc.
  • Solid skills in evaluating IT risks and controls and developing IT governance policies and processes to support organization development and implement management solutions.
  • Good knowledge in information security, architecture and performance, system resilience, access control, privileged account management, monitoring, and log management.
  • Proven experience with ITIL, project management (PMP), architecture, information security, and governance processes.
  • Excellent communication and presentation skills. Ability to work collaboratively and effectively with IT, business units and other organizations.
  • Effective in building partnerships with organizational leaders and reporting to senior management.

For candidates based in Russia, if you face any technical difficulties, please email your resume and cover letter to career@ndb.int with the Job Title and Requisition Number in the email subject line.

This vacancy is now closed.