Information & Operational Risk Officer

The Information & Operational Risk Officer is positioned in the European Information & Operational Risk Management department and reports hierarchically to the European Head of Information & Operational Risk Management, based in Amsterdam, and operationally to the UK Head of Compliance, based in London. The role is part of the regional Information & Operational Risk Management department. Your job Please note we have two levels for this role an Associate Director and Director level. The ABN AMRO Clearing Information & Operational Risk Management (I&ORM) department strengthens the ability of ABN AMRO Clearing to continuously meet its regulatory requirements and to service its clients out of a robust environment by providing independent risk assurance on information security management, business continuity risk management, data management and a sound control framework. The I&ORM function is part of the second line of defence for all risks except for (client) Market Risk, Asset Liability Management Risk and Credit Risk.

• Contribute to the development of the year-plan for the (EU) UK I&ORM Department, based on the AACB Global Risk and EU Risk Plans for Information and Operational Risk
• Strive to harmonize the implementation of the Non-Financial Risk Framework and Processes on IT Risk Management including Cyber Risk, and Operational Risk Management including Data, Fraud and Operational Resilience.
• Be the joint Risk Owner in I&ORM Europe for Information Risk and Data Risk. Review business documents and assessments and write opinions on the basis of these reviews.
• Cooperate with Global Information Risk Management on enhancing and embedding the Information Risk Framework, the development of Information Risk instruments, and the follow-up of IT related findings.
• Cooperate with Global Operational Risk Management on enhancing and embedding the Data Risk Framework.
• Participate in the yearly determination of I&ORM Risk Appetite Statement and associated Risk Metrics.
• Input and participate in Business Process Management related activities.
• Review and challenge 1LoD assessments on Cyber Security, IT Continuity, and Operational Resilience.
• Ensure the successful implementation and embedment of the internal control framework for Operational Risk Management and Information Risk Management (e.g. NIST FS) by performing deep dives, independent assessments (e.g. Risk Self Assessments, Change Risk Assessments, Product Reviews), and testing of controls. This includes but is not limited to: Event and Incident management. Risk assessments with specific focus on Information & Cyber security. Data Management assessments. Fraud assessments.
• Ensure compliance to UK-specific regulations of internal control framework in UK, align with I&ORM EU and Global teams on specific needs and/or local deviations
• Identify potential and emerging risks and provide risk opinions to management.
• Prepare management reports or materials in support of committees (e.g. ECBRC), regular meetings (e.g. UK MT), regulatory interactions (e.g. UK FCA, European Central Bank, Dutch Authorities), audit interactions and BCGC meetings.
• Represent EU UK I&ORM in projects and/or initiatives (e.g. Artificial Intelligence).

A degree in a subject such as Information Technology, Risk Management or Business Administration or related. Preferably Information Security qualifications such as CISSP/CISM and CISA. Good working knowledge of industry standards in Operational Risk Management, Information Technology and Information Security (e.g. ITIL/COBIT). Good working knowledge of Operational and Information Security best practices, particularly in respect to financial services (ISO 27001/2). Good working knowledge of Financial Markets, Trade Execution Services, Clearing and Post Trade processes. Good working knowledge of UK and European regulatory frameworks towards Operational and Information Security (e.g. MiFID, Basel II/III, Dodd-Frank, EMIR, DORA).

Joining ABN AMRO means working on meaningful projects. Projects that have an impact on our clients. Working with a wide range of people with different backgrounds, opinions and ideas. In the UK, in the Netherlands or elsewhere in our international network. We offer an environment where you will be challenged on a daily basis – professionally as well as on a personal level – so that you can grow to become the professional you want to be.