ICT Risk Management Officer (m/f)

Contract – Undetermined

Job Type – Full Time

Location – Luxembourg

Mizuho Trust & Banking (Luxembourg) S.A.

is part of the Mizuho Financial Group, a Holding Company,

which is one of the world’s largest financial group.

Within the framework of our Luxembourg based activities, we are recruiting a:

ICT Risk Management Officer (m/f)

to strengthen the Risk Management Department.

Your responsibilities

• Maintain and improve the ICT risk management framework and its associated components (e.g., Risk & Control Self Assessments, ICT Risk Assessments).
• Continuously examine and evaluate ICT processes in regards to the bank’s risk appetite/tolerance.
• Assist the 1st line of defense for assessing and processing ICT risks (Risk Control Self-Assessment process)
• Maintain an inventory of known risks and risk attributes, including expected frequency, potential impact, and responses.
• Assist the CISO in maintaining an information security plan in alignment with the bank’s strategy and architecture.
• Engage with 1st LoD to ensure policies and procedures adhere to developed standards and guidelines.
• Assist IT Dept. to develop a comprehensive disaster recovery plan and ensure the resilience and recoverability of IT systems in line with Business Continuity Plans.
• Support and conduct external and internal audits for the implementation of applicable security controls and regulatory compliance requirements.
• Ensure an efficient follow-up of audits.
• Ensure the preparation and organization of the ICT and IS Risk Management Committee.

Your profile

Education and experience

• Master’s degree in Information Technology or equivalent
• ICT / ICT Risk Management relevant certifications (CISM, CRISC, CISA, ISO 27005, ISO 22301, ISO 27001, CISSP, ITIL, etc...)
• Demonstrated expertise (3-5 years) in the field of ICT Risk Management, coupled with a solid foundation in Information Security or IT Audit.

Knowledge

• Comprehensive understanding of banking operations and associated processes.
• ICT risk management methodologies and their practical applications.
• Good knowledge and understanding of ICT & IS frameworks and Standards (e.g. COBIT, ISO 27001, ISO 22301, NIST CSF, ITIL, PCI-DSS, etc.)
• Knowledge of ICT and IS regulations (e.g. DORA, NIS2, GDPR, EBA Guidelines, CSSF Circulars 20/750, 22/806, 24/847, etc.).

IT Skills

• Good knowledge of main ICT and Security processes including but not limited to Patch & Vulnerability Management, Asset & Configuration management, Incident & Problem management, Change Management, IT third party management, Logical Access Management, IT Continuity and Backup, etc.
• Good understanding of key ICT concepts: IT architecture, computer systems, network and communication systems, operating systems, middleware, programming languages, etc.
• Good understanding of network/ cybersecurity technologies (Firewall, web proxy, Data Leakage Prevention, Endpoint security, Remote access, etc.)
• Good strategizing skills for developing creative strategies to protect against risks while minimizing threats.

Languages

• Fluent in English and French

Personal skills

• Ability to convey complex technical information to non-technical audiences, bridging the gap between IT jargon and business stakeholders.
• Strong interpersonal skills and ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.
• Prioritize tasks, and manage time effectively.
• Ensuring accuracy in documentation and processes.
• Articulate ideas logically and succinctly in reports, emails, and documentation; while adapting communication style appropriately.
• Articulate ideas logically and succinctly in reports, emails, and documentation; while adapting communication style appropriately.
• Work autonomously when needed, while also contributing effectively within a team.
• Analyze situations, identify patterns, and propose solutions and the ability to evaluate scenarios and make informed decisions.

Job Benefits

• Excellent work-life balance
• Harmonious and stable working environment
• Positive and inclusive environment
• Training and career development
• A hybrid working environment offering flexibility and the possibility to telework
• Wide range of fringe benefits (lunch vouchers, pension scheme, etc.)
• Free parking near the Bank

Criminal record: This position may require a condition of a good repute. The law on the financial sector provides that the good repute of a candidate shall be assessed on the basis of (i) criminal records and (ii) any evidence tending to show that the candidate is of good repute and offering every guarantee of irreproachable conduct. Eventually the candidate’s name will also be screened through our name screening tool which imports, respectively, the latest versions of the World-Check blacklists, and runs an automated screening process of all names.

If you are interested in this position, please apply to [email protected]

Please note that, in the course of our recruitment process, we will collect and process certain of your personal data as detailed in our applicant privacy notice [https://www.mizuho.lu/web/guest/en/contactus/recruitment].

In case your application for employment is unsuccessful, we may continue to hold your personal data for future reference for a limited period of time not exceeding two years. You may access, modify or delete such data by simple request to [email protected].