IT Risk Officer

Salmon Group Ltd


Date: 4 weeks ago
City: Taguig
Contract type: Full time

Job Summary:

The IT Risk Officer is responsible for identifying, assessing, and managing technology-related risks to ensure that the bank’s IT systems, processes, and data are secure and comply with regulatory requirements. The role focuses on mitigating operational and cybersecurity risks, ensuring the continuity of IT services, and supporting the bank’s risk management framework in alignment with the regulations of the Bangko Sentral ng Pilipinas (BSP).


Key Responsibilities:

Risk Identification and Assessment

  • Conduct regular risk assessments of IT systems, infrastructure, and processes, identifying potential risks, vulnerabilities, and threats.
  • Collaborate with the IT and business units to ensure risk mitigation strategies are in place for identified IT risks.
  • Continuously monitor the risk landscape and emerging technologies to assess new potential risks.

Compliance with Regulatory Requirements

  • Ensure compliance with BSP regulations, particularly those related to information security, cybersecurity, and IT risk management (e.g., BSP Circular No. 982).
  • Implement and maintain risk management policies and procedures as per the BSP’s Manual of Regulations for Banks (MORB).
  • Ensure timely reporting of IT risk incidents to the BSP and internal stakeholders in accordance with regulatory requirements.

IT Risk Governance

  • Establish and maintain an IT risk governance framework that aligns with the overall risk management policies of the bank.
  • Participate in the development and review of IT-related policies, ensuring alignment with the bank’s risk appetite and regulatory standards.
  • Conduct IT risk assessments for new products and services, including digital banking initiatives, to ensure they align with bank policies and BSP guidelines.

Cybersecurity Management

  • Oversee the implementation of the bank’s cybersecurity controls, ensuring that adequate measures are in place to protect against internal and external threats.
  • Coordinate with the IT department to ensure regular vulnerability assessments and penetration testing are conducted, and remediation actions are implemented.
  • Develop and maintain incident response procedures for cybersecurity threats, ensuring timely recovery and compliance with regulatory reporting.

Business Continuity and Disaster Recovery

  • Ensure the bank’s IT Disaster Recovery Plan (DRP) is up-to-date and tested regularly, in compliance with BSP regulations.
  • Collaborate with the Business Continuity team to integrate IT risk management practices into the bank’s overall Business Continuity Plan (BCP).
  • Manage IT-related crises, ensuring the continuity of critical IT services during disruptions.

Vendor and Third-Party Risk Management

  • Evaluate IT risk exposure in relation to third-party vendors and service providers, ensuring proper risk management practices are in place.
  • Conduct due diligence and risk assessments on third-party vendors handling sensitive data or providing critical IT services.
  • Monitor third-party compliance with the bank’s security standards and BSP regulations.

Reporting and Communication

  • Provide regular reports to the Head of Risk and senior management on IT risk management activities, emerging threats, and compliance with regulatory requirements.
  • Coordinate with other departments to promote a risk-aware culture and ensure IT risk management principles are integrated across all business units.

Training and Awareness

  • Develop and conduct training programs for bank staff on IT risk awareness, information security, and incident reporting.
  • Promote a culture of cybersecurity awareness throughout the bank to mitigate human-related risks.


Qualifications:

  • Bachelor's degree in Information Technology, Computer Science, or a related field; certifications such as CISM, CRISC, or CISSP are preferred.
  • At least 5 years of experience in IT Risk Management, Information Security, or IT audit within a financial institution.
  • Strong knowledge of BSP regulations related to IT risk and information security, particularly BSP Circular No. 982 and related circulars.
  • Experience in risk management frameworks such as ISO 31000.
  • Proven experience in managing IT disaster recovery, business continuity planning, and cybersecurity initiatives.
  • Strong analytical and communication skills with the ability to present IT risk information clearly to non-technical stakeholders.

Key Competencies:

  • Understanding of IT systems and technologies.
  • Knowledge of local and international regulatory requirements for information security.
  • Risk management expertise, particularly in assessing and mitigating IT risks.
  • Strong leadership and project management skills.
  • Ability to work collaboratively with cross-functional teams.


This role is integral in ensuring that the Rural Bank of Sta Rosa (Laguna) remains compliant with BSP regulations and is well-prepared to manage IT-related risks, safeguarding the bank’s information assets and operational resilience.
