Information Technology and Security Risk Management Consultant
Location:
The IDB Group is a community of diverse, versatile, and passionate people who come together on a journey to improve lives in Latin America and the Caribbean. Our people find purpose and do what they love in an inclusive, collaborative, agile, and rewarding environment.
About this position:
The Financial and Operational Risk Division (RSM/FOR) of IDB Invest is looking for a professional with a strong risk management background, specifically in operational risk management, to support IDB Invest management in deploying the operational risk management framework and improving internal controls in the business units.
RSM/FOR, part of the Risk Management Department, is responsible for managing financial and operational risks of IDB Invest. The team is divided into three main parts:
- Portfolio Management and Risk Data: responsible for overseeing the growth of the portfolio, considering concentrations and other risk parameters, providing portfolio risk guidance to the business areas, managing cross-booking allocation and limits, RAROC, Risk Management MIS, reporting and limit controls.
- Market Risk: responsible for the design, implementation, update, and ongoing execution of the Market Risk Management framework. The team identifies, quantifies and monitors interest rate risk and foreign exchange risk of the balance sheet, and the price risk of the liquid investment portfolio. This area is also responsible for capital management, economic capital and counterparty credit risk management.
- Operational Risk Management: responsible for assessing and maintaining an appropriate internal control environment, managing a full operational risk framework as a second line of defense.
What you'll do:
The consultant will support the activities related to the implementation, maintenance, and monitoring of the information technology and security risks for IDB Invest systems.
- Review the risks and information technology controls documentation, guidelines and procedures to evaluate the operational risk management.
- Review, document and socialize information technology and security risk guidelines and standards for managing and controlling the risks.
- Provide effective critical challenge of the identification, assessment, treatment, monitoring, and reporting of information technology and data protection and security risks within IDB Invest processes.
- Review, test, and document the design and effectiveness of the information security, data protection and technology controls implemented in IDB Invest's processes, systems, and solutions (built in-house, outsourced, or by third parties).
- Develop and communicate to the business units the recommendations to mitigate the operational risk identified during the risk assessment and coordinate with the business units the action plans definitions.
- Review and identify gaps, control deviations, and improvements as well as communicate and monitor the action plans to the interested parties.
- Review and monitor the implementation activities of ICFR risk assessments in IDB Invest selected processes and systems during the year and prepare the risk reports and indicators.
- Investigate, monitor, evaluate and report periodically risk, incidents and key risk indicators regarding selected IDB Invest processes and systems.
- Provide training and awareness regarding information security, and operational risk matters.
- Review, evaluate, and document improvements regarding the evaluation model for information technology and security risks based on the ITGC and application controls, COBIT, and NIST best practices and standards.
Deliverables and Payments:
| Payment (%) | Deliverable | Description |
|---|---|---|
| 20% | Upon signing the contract | |
| 20%* | Deliverable #1 | Project documentation review for selected IDB Invest processes and systems. IT flowcharts documentation. IT risk and control description and evidence by risk. Adjustments and results based on guidelines and procedures review. |
| 20%* | Deliverable #2 | First draft of the preliminary risk assessment of the selected systems and processes. Risk and control matrix documentation. Test procedure documentation and evidence of testing results by control. Recommendations, action plans and incident monitoring documentation. |
| 40%* | Deliverable #3 | Final deliverables related to the risk assessment of the selected systems and processes. |

*Payment contingent on the satisfactory approval by IDB Invest
What you'll need:
- Education: