The bank for a changing world

Business and Information Security: IT Control Manager


Standard / Permanent



Job function




The IT OPC manager has to ensure, in coordination with different stakeholders (Global IT Business Units OPCs, APAC IT Business Units OPC, APAC 2OPC, APAC Anti-Fraud, Territory OPCs, Local and Regional Metier OPCs, Regional CIOs, CISSO and CTO, APAC Compliance) the implementation of an efficient Operational Risk and Control framework within all Business Units in charge of IT activity:
Permanent Controls
  • Ensuring the deployment of generic controls and ensuring control tool usage by IT teams
  • Supporting/supervising  the APAC IT Business Units OPC teams  for performance of defined Controls of Controls 
  • Verifying and signing off all the Controls of Controls. Alert the Head of APAC IT OPC on controls not done
  • Verifying action plans related to controls results are identified and followed by Regional IT Business Unit OPCs and APAC CIOs or CTO or CISSO or Local head of IT when applicable
  • Verifying all the level 1 controls are signed off with Regional IT Business Unit OPCs, otherwise alert and gain the missing sign off
  • Assisting the Head of APAC IT OPC to improve the IT control setup : measuring controls effectiveness and efficiency in place for operational risk reduction
  • Reporting control results for APAC (consolidated view) and IT Business Units to measure residual risk level on IT processes
  • Ensuring the role of procedures correspondent (cf. Level 2 procedure CG0197EN) at APAC level
  • Assisting the APAC IT Business Unit OPCs to identify the procedure needs and ensuring that IT procedures/processes for IT activities are formalised , compliant with Group/CIB requirements , stored and updated on regular basis by each IT OPCs
  • Ensuring the deployment of procedures /processes defined by Regional IT OPCs
IT Risk Management
  • Making IT risk assessment with the APAC IT Business Units OPCs or assisting the teams in identification and assessment of IT risks 
  • Maintaining the list of IT operational risks at APAC level to facilitate monitoring and reporting of risk
    • Coordinating/identifying APAC IT risks with regular analysis and evaluation of the underlying risks (via the mapping and analysis of historical incidents having an IT cause, recommendations…) with APAC IT Business Units OPCs and APAC CIOs, CTO and CISSO
    • Managing risk findings resulting from production incidents, projects with APAC IT Business Units OPCs and APAC CIOs, CTO and CISSO and raised risks ( e.g: ICC, APAC IT OPC Steering Committee…)
    • Identifying solutions to mitigate the risks (punctual actions, new controls or update of the controls)
IT Recommendations and Findings follow up
  • Supporting/assisting the APAC IT teams during the Audits (internal, external, regulator): preparing the IT teams
  • With all OPCs teams in APAC, follow-up of APAC IT recommendations and findings (IG/Audit/regulator) stock in accordance with the Group/CIB objectives
    • Evaluating the confident level for closure with OPCs community
    • Verifying the effective follow up by OPCs teams
    • Identifying overdue recommendations and findings and identifying the issues with OPCs and alerting Head of APAC IT OPC
  • Assisting the Head of APAC IT OPC for APAC IT OPC steering committees: make the supports, write the minutes, follow identified actions
  • Consolidating and preparing the APAC contributions for Internal Control and Permanent control committees as well as the Permanent Control narrative report with the Head of APAC IT OPC
  • Assisting the Head of APAC IT OPC to produce the Regional IT OPC dashboard (ORCO report) covering IT recommendations, IT findings, IT historical incidents and controls results.
Project mode
  • Assisting the Head of APAC IT OPC on the project part of the department
    • Identify controls (Level 1 and Controls of Controls) for APAC and/or specific entity with APAC IT Business Unit OPCs thanks to continuous assessment (risk assessment, Recommendation and IT operational incident analysis), requirements from IT teams, Regulatory requirements, analysis of controls results
    • Formalise/Design the new generic IT controls for APAC and organise the validation session with CIOs and their OPCs
    • Ensure the consistency with the CIB global controls, Global Business Unit controls, Group controls
    • Follow up of development and implementation of controls in the control tool (ORUS): perform the test in UAT, organise the project committees with IT ORUS team
    • Follow up of project planning and costs
  • Improving the current reports/dashboard
  • Continuously improving the framework to provide assurance that the internal controls meet best practices and regulatory requirements as appropriate
  • CIB divisions : Business and Information Security
  • Internal Audit / Inspection General
  • APAC Anti-Fraud
  • Global IT OPCs
  • Local OPCs
  • Regional CIOs, CTO and CISSO   
  • External auditors

Essential Technical Knowledge/Skills:
  • A solid background in operational risk management and control framework
  • Knowledge of IT practices :project management ,security, continuity and production
  • Excellent analytical skills and reporting capabilities (KPIs, dashboards, metrics, assessment …)
  • A practical understanding of a large bank’s organisation and systems
  • Familiar with process analysis and improvement, drafting of workflows and procedures
 Qualifications and Experience:
  • At least 5 years of experience in a Risk, Control and Audit environment
  • At least 5 years of experience in IT environment 
  • Required certification : CRISC
  • Recommended certification: CISA 
Other Value-Added Competencies:
  • Attention to detail
  • Ability to manage several initiatives/projects and keep these on-track simultaneously
  • Ability to effectively manage your own time and the priorities
  • Interpersonal skills, ability to consolidate action plans and report progress status
  • Pragmatic, ‘Can do’ attitude & Proactive approach with a strong ability to work on own initiative
  • Capable of adapting to a new environment and to work under pressure towards tight deadlines
  • Excellent oral and written communication
  • Good interpersonal skills
  • Big picture awareness