INFORMATION RISK MANAGER COVER LETTER TEMPLATE

Published: Aug 29, 2025 - The Information Risk Manager ensures the effective management of privacy processes and training programs, while maintaining compliance with global regulations. This role oversees incident investigations, regulatory reporting, GDPR adaptation, and privacy program governance through regular reporting, committee support, and policy updates. The manager also collaborates with IT and Information Security teams to implement controls that protect organizational information assets and support audit readiness.

An Introduction to Professional Skills and Functions for Information Risk Manager with a Cover Letter

1. Details for Information Risk Manager Cover Letter

  • Oversee and support Data Sharing activities across Finance globally including understanding and communicating changes to laws and regulations
  • Provide oversight and guidance over related matters including Group Material Outsourcing and Privacy Impact Assessments
  • Support and deliver against Finance’s Conduct and Personal Account Dealing requirements
  • Provide central guidance and communications to stakeholders and effectively address any queries
  • Effectively represent Finance in Working Groups and other similar forums
  • Provide communication, guidance and sharing of best practices
  • Identify and drive process improvements
  • Value different perspectives, creating an inclusive environment, valuing and leveraging diversity, and being sensitive to other cultures
  • Work well with staff from other departments and within the team
  • Integrate Data Sharing risks within the Operational Risk framework
  • Keep abreast of industry-wide developments and assess how these may impact the internal control environment


Skills: Data Sharing, Regulatory Oversight, Risk Integration, Process Improvement, Stakeholder Guidance, Policy Communication, Inclusive Culture, Control Assessment

2. Roles for Information Risk Manager Cover Letter

  • Understand Information Risk Management/Information Security policies and standards and associated security controls, especially in the Information Security Management (ISM) and Technology Risk Management (TRM) domains
  • Understand organizational capabilities and the gaps in meeting regulations/security trends/policies/standards
  • Provide advisory and guidance on Information Risk, Technology Risk and Regulatory Risk for information services and business
  • Provide consultancy and advisory services on IT initiatives and application solutions (processes/technology/architecture) to adhere to policies and procedures
  • Provide consultancy and advisory services on threats and vulnerabilities
  • Maintain and promulgate the penetration test and vulnerability detection framework
  • Manage the annual penetration tests
  • Provide assurance services on IT security controls functionalities, or initiatives, e.g., DLP
  • Provide service as Subject Matter Expert for regulatory examinations
  • Conduct 2nd line reviews on the Information Risk Assessments conducted on High Risk initiatives/projects
  • Participate in the enablement of security processes within methodologies, e.g., DevOps, Agile, etc.
  • Review Security incidents to provide advice on root cause eradication
  • Provide advisory/assistance to the BUs in the identification of their Risk profile and establishment/maintenance of a Risk Register
  • Provide advisory/assistance to the BUs in the establishment of a Country Information Risk Council for information risk governance


Skills: Risk Advisory, Security Controls, Regulatory Guidance, Threat Analysis, Penetration Testing, Control Assurance, Incident Review, Risk Governance

3. Functions for Information Risk Manager Cover Letter

  • Developing and maintaining key stakeholder relationships across the business as a ‘critical friend’/business partner
  • Providing oversight and challenge of information risks across the business including technology, information security and data quality risks
  • Act as a subject matter expert for information risk management and security-related matters across the governance functions
  • Leading and supporting risk/security assessments of information and security risks and controls across the business
  • Providing oversight and challenge of the business response to technology and information security risk incidents and events
  • Providing review and challenge for change projects related to technology, information security and data at both workstream/project level and at steering committee level
  • Developing the Information risk framework within the business including the implementation and embedding of the tools, policies, standards and procedures required to support risk oversight and assessment
  • Promoting and embedding Enterprise Risk Management (ERM) processes, awareness and understanding across the technology, information security and data teams
  • Horizon scanning/assessing the impact of technology and data change across the business
  • Ensuring timely identification of key themes and emerging risks, issues and exposure
  • Providing recommendations to management to mitigate and resolve potential issues
  • Reporting and escalating on risks and issues to leadership, relevant working groups, management committees and Boards
  • Monitoring and assessing compliance with business minimum standards in relation to technology, information security and data


Skills: Stakeholder Management, Risk Oversight, Subject Expertise, Security Assessment, Incident Response, Change Review, Framework Development, Compliance Monitoring

4. Job Description for Information Risk Manager Cover Letter

  • Responsible for maintaining and improving PIA processes and for executing PIAs or DPIAs
  • Work directly with Information Security colleagues on the initial investigation, and with the Chief Privacy Officer and Legal Counsel on any decision to report an incident to authorities
  • Responsible for the continuous oversight, reporting and enhancement of these processes
  • Updating to reflect changes in organization or processes
  • Responsible for the effective management of all Privacy program documentation
  • Responsible for maintaining and executing on this training program and improving the effectiveness of Data Protection/Privacy training efforts
  • Ensure that all Privacy-related notices on websites are current and complete
  • Monitoring and reacting to developments in privacy regulations globally
  • Helping MSCI understand and prepare for such emerging regulations and for adapting the existing GDPR compliance program to cover new compliance requirements
  • Help respond to requests for information about MSCI’s GDPR compliance and privacy protections from clients and other parties
  • Serve as the Secretary to the firm's Privacy Steering Committee
  • Set the agenda, prepare materials and manage follow-ups
  • Develop and support ongoing privacy program status reporting and metrics, which are provided to the Privacy Steering Committee, as well as IT and Enterprise Risk forums
  • Play a leadership role in supporting such audits
  • Responsible for supporting the implementation of controls with IT and Information Security Teams to protect the firm’s information assets, not limited to personal data


Skills: PIA Management, Incident Oversight, Process Reporting, Privacy Documentation, Training Delivery, Regulatory Monitoring, Committee Support, Control Implementation

5. Accountabilities for Information Risk Manager Cover Letter

  • Implement the IRM strategy within VLK
  • Perform Information risk and control assessments in a challenging Agile organization
  • Maintain and execute group-wide ORM instruments (e.g. scenario analysis, ICAAP, Risk appetite and KRIs)
  • Support the execution of the organisation’s risk framework
  • Provide risk oversight across IT, Information Security, operational resilience and various projects
  • Maintain and implement a risk-aware culture across the organisation at all levels
  • Provide oversight to and enforce standards, procedures, practices and group policies in the business
  • Disseminate knowledge and reviews on areas of concern
  • Provide board and committee-level Information security and IT risk reports using MI
  • Keep the organisation’s risk and information security policies progressive
  • Provide pragmatic risk-focused advice in line with the organisation’s existing and developing risk processes to implement strategies


Skills: IRM Strategy, Risk Assessment, Framework Execution, Risk Oversight, Culture Building, Policy Enforcement, Risk Reporting, Advisory Support

6. Tasks for Senior Information Risk Manager Cover Letter

  • Supporting CISO regulatory due diligence activities and providing updates on completion status, risks, and issues to delivery
  • Coordinating with global teams to prepare and present reports of CISO risk and control metrics to BBPLC Singapore and APAC
  • Contributing to the identification of key CISO-related risks for escalation to stakeholders and reporting to risk and control forums
  • Supporting the coordination and execution of outsourcing due diligence for CISO risks
  • Developing and maintaining strong partnerships with CSO, business and functional stakeholders to effectively execute on BBPLC CISO objectives
  • Carrying out reviews on new outsourcing proposals and annual reviews on existing outsourcing arrangements
  • Supporting the Singapore cyber security incident escalation and reporting process, and working with global teams to advise Singapore stakeholders on the impact of incidents
  • Carrying out CISO awareness and training sessions


Skills: Regulatory Support, Risk Reporting, Risk Identification, Due Diligence, Stakeholder Management, Outsourcing Review, Incident Escalation, CISO Training

7. Expectations for Senior Information Risk Manager Cover Letter

  • Providing expert advice and assurance on the implementation of the Cyber Security Strategy
  • Ensuring the strategy operates within the boundaries of ING policies and standards
  • Assisting the IRM Lead in the overall and ongoing development, embedding and management of operational risk management and its associated frameworks across the business, which includes training and knowledge sharing across teams on various risk topics
  • Contributing to operational risk reporting including the bank’s Non-financial Risk profile, emerging risks and effectiveness of the Operational Risk Management Framework including associated policies and procedures, with a specific focus on cyber security
  • Embedding a risk-aware culture across the Group, through specialist IT, risk, information security and operational resilience expertise
  • Deliver oversight of change initiatives and projects with a focus on information security and resilience risks
  • Produce IT risk/information security reports and MI
  • Identify, support and challenge key areas of risk and evaluate controls
  • Ensure all incidents are effectively managed and resolved


Skills: Cyber Strategy, Policy Compliance, Risk Development, Framework Management, Risk Reporting, Culture Building, Change Oversight, Incident Management

What are the Qualifications and Requirements for Information Risk Manager in a Cover Letter?

1. Knowledge and Abilities for Information Risk Manager Cover Letter

  • Progressive experience in Information Risk/Technology Risk Management, with most of that time spent in a large, complex organization
  • Experience using a GRC platform
  • Working experience in Archer
  • Proven ability to work with multiple stakeholders across functional groups
  • Experience documenting business requirements, process flows, working with agile teams and interacting with system solution architects
  • Strong communication skills and ability to explain highly technical information for non-technologists including senior executives
  • Innovative problem-solving and analytical skills
  • Proven ability to exercise flexibility and judgment
  • Ability to build relationships, engage and influence others, working with a diverse internal and international user community
  • Experience in information technology, information security, risk management, compliance or IT audit function, gained from MNC, external audit firms, insurance, banking or financial institutions
  • Sound knowledge in FinTech technologies, automation and workflow tools, security architecture, information risk management, regulatory requirements, industry’s standards and best practices
  • Self-motivated and have the ability to perform risk assessment, conduct research and analysis independently
  • Good analytical, technical, report writing, communication and presentation skills


Qualifications: BS in Computer Science with 9 years of Experience

2. Requirements and Experience for Information Risk Manager Cover Letter

  • Strong technology background and risk management experience, including regulatory requirements (e.g., from BaFin, MAS, SEC, etc.)
  • Broad knowledge and understanding of the primary technologies in use at AllianzGI
  • Validated ability to research and learn emerging technologies
  • Good skills in Information Security and risk
  • Experience in developing solutions to mitigate risk
  • Experience in working with diverse global teams
  • Excellent communication skills (communicating and reporting sophisticated technical concepts to business and risk partners)
  • Experience interacting directly with senior stakeholders (C-Suite, Board and Regulators)
  • Broad knowledge of financial services
  • Direct experience in risk management, compliance, regulatory or audit
  • Experience handling multiple concurrent projects and priorities
  • Excellent social and interpersonal skills
  • Ability to develop a network in a short amount of time
  • Must have fluent English


Qualifications: BS in Information Systems with 8 years of Experience

3. Education and Experience for Information Risk Manager Cover Letter

  • Able to influence the decision-making process and enhance influencing skills
  • Able to be part of a highly skilled team of ORM professionals
  • Work experience in Operational risk or adjacent fields (compliance, internal control audit, risk consultancy)
  • Good verbal and writing skills, both in Dutch and English
  • Ability to connect at different organizational levels
  • Experience with Asset management and/or ISAE 3402 statements 
  • Proficient at managing an ISO 27001 and ISO 22301 certification
  • Good experience/knowledge of Information Security and Business Continuity Management/ BCM
  • Working experience in Investment Management/Banking 
  • Experience in business continuity and crisis management planning
  • Comfortable coordinating resources and managing expectations
  • Ability to communicate clearly with senior management


Qualifications: BS in Information Technology with 7 years of Experience

4. Professional Background for Information Risk Manager Cover Letter

  • Must have GSEC, CISSP, CISM, CISA, CRISC, CGEIT
  • Excellent knowledge of security systems and applications
  • Knowledge of the financial services industry and its regulations/laws
  • Knowledge of security systems and applications 
  • Able to assist in communicating related policies, procedures, and guidelines
  • Thorough understanding of control and risk management concepts
  • Knowledge of the operational aspects of the information risk business
  • Strong MS Office skills, along with strong verbal and written communication skills
  • Able to facilitate requirements gathering
  • Able to communicate risk mitigation strategies and track remediation
  • Proven knowledge of application security assessment methodologies and technologies
  • Experienced in application security-related standards, and best practices such as secure code reviews, secure SDLC and application vulnerability management
  • Prior experience with application development, Agile, and SDLC-related processes


Qualifications: BS in Cloud Computing with 8 years of Experience

5. Education and Qualifications for Information Risk Manager Cover Letter

  • IT experience, the majority of which should be in front office technology at a financial institution
  • Experience in IT Risk and Control or Information Security role in the financial services sector
  • Demonstrated experience working with the regulators in China, with the ability to articulate local regulations and laws about IT Risk
  • Stakeholder engagement skills, including the ability to influence senior management
  • Demonstrable track record of successfully working with poorly defined problems and driving change
  • Excellent negotiation and influencing skills
  • Strong decision-making capability
  • Excellent written and oral communication skills in both English and Chinese
  • Extensive experience in technology or IT risk management for a financial institution 
  • Strong background in IT Risk Advisory
  • Demonstrated capability of designing and implementing cross-functional programs
  • Strong project management skills
  • Proven track record of implementing successful risk or technology management solutions
  • Proven track record of developing and maintaining senior-level stakeholder relationships
  • Must have an Industry qualification, e.g., CISA, CISSP, CISM, CRISC


Qualifications: BS in Business Information Systems with 9 years of Experience

6. Knowledge, Skills and Abilities for Information Risk Manager Cover Letter

  • Combined experience across risk and program management
  • Experience implementing and/or maturing risk management programs at scale
  • Experience implementing quantitative analytical frameworks (i.e., FAIR)
  • Must have CISSP, CISA, or equivalent certification/experience
  • Deep understanding of information security control and management frameworks such as CMMC, ISO-27001, NIST 800-171/172, NIST 800-53, etc.
  • Working experience in GRC, SOX, PCI, CMMC and/or business resiliency 
  • Strong communication skills across all organizational levels and the ability to build cross-organizational coalitions
  • Direct experience with regulatory compliance reviews and examinations
  • Project and program management experience, tooling integration, and delivery in highly fluid environments
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management


Qualifications: BS in Network Security with 6 years of Experience

7. Accomplishments for Information Risk Manager Cover Letter

  • Experience with, and a thorough understanding of, information security principles and practices
  • Previous client-facing and advisory experience
  • Big 4 IT risk management consulting experience 
  • Experience in a Cyber Security or Risk Advisory role for regulated environments
  • Excellent written and verbal communication and organizational skills
  • Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources
  • Able to work with minimal supervision
  • Experience with working on global teams across time zones, cultures and languages
  • Ability to think strategically, work with a sense of urgency and pay attention to detail
  • Experience performing Information security risk management tasks within a large organization
  • Proficiency and experience in the execution of dynamic controls frameworks and regulatory standards to include ISO, COBIT, NIST, HIPAA, GCP, GLP, GMP (GxP), PCI, HITRUST, and other relevant industry regulations, standards, and guidelines
  • Proficiency and experience in devising and using information security risk management tools and related methodologies to include GRC tools and applications
  • Ability to create professional documents using Excel, PowerPoint, Word, and other common industry-recognized tools
  • Strong intellect and analytical skills
  • Familiar with current good security practices gleaned from sources such as ISO and NIST, plus applicable laws and regulations
  • Must have Security certifications such as HCISPP, CHPS, CISA, CISSP, CISM, and CRISC


Qualifications: BA in Business Administration with 9 years of Experience