
IT Risk and Resilience Support Consultant

Beijing

  • Organization: AIIB - Asian Infrastructure Investment Bank
  • Location: Beijing
  • Grade: Consultancy - Consultant - Contractors Agreement
  • Occupational Groups:
    • Environment
    • Information Technology and Computer Science
    • Disaster Management (Preparedness, Resilience, Response and Recovery)
  • Closing Date: Closed

Application close date

04/18/2024

1. Project Background

The Asian Infrastructure Investment Bank (AIIB) is a multilateral development bank whose mission is financing the Infrastructure for Tomorrow - infrastructure with sustainability at its core. AIIB is building on completely new technology compared to other organizations and companies. The new technology, outsourcing model, and unique compliance requirements bring challenges to AIIB’s development, and dramatic changes in the ways institutions must manage risk. As AIIB continues to expand its business and technology at a rapid pace, it becomes even more crucial to address the growing IT risks and challenges that may arise. Furthermore, AIIB also needs to consistently improve its resilience capabilities, both in terms of response and recovery, to ensure that essential business and IT activities can be quickly recovered and continued in the event of any disruption.

2. Objectives of the Assignment

To ensure effective and efficient IT risk and resilience operations, it is essential to have an adequate workforce with professional expertise and extensive experience. Therefore, in addition to AIIB’s own efforts, engaging external IT professionals can bring significant benefits to AIIB. These IT professionals can provide valuable support and participate in AIIB's IT risk and resilience operations. The role of the external IT consultant will involve assisting in the assessment and management of IT risks, as well as offering solutions to enhance AIIB's resilience and recoverability. By leveraging the expertise and insights of these external IT professionals, AIIB can strengthen its capabilities in effectively managing the ever-evolving landscape of IT risk and resilience.

3. Scope of Services

1. IT Risk Operations

Provide relevant support and expertise in the areas of IT Risk, IT Compliance, and IT Control management.

  • IT Risk Management
    1) Provide advice to business and technology users on IT risk standards, security principles, and adoption of secure solutions.
    2) Assist in assessing IT risks and managing relevant IT risks in the risk register; offer guidance and recommendations for risk mitigations.
    3) Support to timely report non-compliance and other changes in IT risks to facilitate decision-making.
    4) Support to track IT risks and ensure timely resolution with relevant stakeholders.
    5) Support to calculate and analyze IT Key Risk Indicators (KRI); produce regular KRI report.
    6) Support IT risk management relevant documentation and reporting.
    7) Perform other duties as assigned.
  • IT Compliance and Control Management
    1) Support to develop IT Compliance Framework, including relevant policies, procedures, and controls to ensure adherence to IT requirements.
    2) Support IT GRC platform operation and maintenance involving various activities, mainly including:
      a) Platform Maintenance: perform day-to-day operation and maintenance tasks to address user inquiries and ensure the smooth functioning of the IT GRC platform.
      b) Compliance and Control Monitoring: monitor and maintain IT GRC platform to ensure it remains up to date with relevant control libraries and industry standards and internal policies. Regularly review and update the platform to reflect any changes in these controls and standards.
      c) Risk Assessments: utilize IT GRC platform to conduct periodic risk assessments. Evaluate potential risks and use the platform to document and track the assessments.
      d) Deficiencies Tracking: monitor and track deficiencies in controls that are identified through assessments or other means. Utilize IT GRC platform to document deficiencies and track progress until resolution.
      e) Reporting and Analytics: utilize IT GRC platform to generate reports and analytics.
    3) Support to develop IT Compliance related awareness or targeted trainings.
    4) Perform other duties as assigned.

2. IT Project Risk Assessment

    1) Support to conduct IT project risk assessment for all in-scope IT projects, to assess project adherence to IT requirements throughout the project lifecycle and identify potential IT risks or issues.
    2) Support to coordinate and communicate with project stakeholders regarding IT risks and issues identified from IT project risk assessment; provide guidance and recommendations on mitigation actions.
    3) Support to track identified IT risks and issues with relevant stakeholders and ensure their resolution within agreed timelines.
    4) Support to provide regular status updates on IT project risk assessment including assessment progress, identified risks, mitigation actions, etc.
    5) Collaborate or provide necessary support on security related assessment for IT project when necessary.
    6) Perform other duties as assigned.

3. ICFR Support and Audit Support

    1) Provide support to ICFR program at AIIB, including document collection, IT General Control review and testing, control deficiency tracking.
    2) Provide support to internal and external audits, including document collection, audit interview meetings, audit finding tracking.
    3) Provide support to ICFR program and Audit related documentation and reporting.
    4) Perform other related duties as assigned.

4. Consultancy Output / Deliverables

  • IT Risk Documentation, such as IT risk registrations, IT Key Risk Indicators (KRI) reports, IT risk assessment results and reports, etc.
  • IT GRC Platform Reports, such as platform performance, user inquiries, system updates, improvement identified, etc.
  • IT Compliance and Control Documentation, such as frameworks, control library, relevant information in IT GRC platform, etc.
  • IT Project Risk Assessment Documentation
  • Project Management Documentation for Assigned Projects

5. Implementation Arrangement

Work onsite at headquarters

6. Support to the Consultant by the Bank

Laptop, network

7. Knowledge Transfer and Training

N/A

Qualification Requirement

REQUIRED COMPETENCES

  • Must be able to write thorough, concise, and user-friendly documentation.
  • Must be able to brainstorm with technical and non-technical personnel, thrive in a collaborative team environment, multi-task, and quickly adapt to change.
  • Strong background in the management of IT Risk, IT Compliance, IT Controls, IT Infrastructure, IT Resilience, Disaster Recovery.
  • Thorough understanding of applicable IT Risk, Resilience Risks and Business Continuity Management (BCM) requirements in financial services sector.
  • Familiar with enterprise risk management concepts and practices.
  • Hands-on experience of IT project management.
  • Strong technical analytical and problem-solving skills.
  • High degree of diplomacy, integrity, and tact.

REQUIRED QUALIFICATION AND EXPERIENCE

  • Bachelor’s degree or higher in Computer Science, Information Technology, Computer Programming, Accounting, Auditing and/or Compliance. Equivalent combination of education and experience is acceptable.
  • Minimum of 2 years of work experience in IT risk management, IT compliance management, IT controls assessment, business continuity and disaster recovery management, and IT project management, or the equivalent combination of auditing, consulting, training, or work experience for international financial organizations.
  • Familiar with Risk & Control Self-Assessment.
  • Strong understanding of appropriate legal, industry standards and good practices for IT risk management and service continuity management.
  • Good knowledge of the NIST framework, ISO standards, COBIT, COSO, ITIL IT Service & Continuity Management process.
  • Certifications such as CISSP, CISM, CISA, CRISC, CIA, PMP, CBCP, MBCP, MBCI, FBCI are assets.
  • Additional 2 years of experience may be considered in place of the aforementioned certification requirement.
  • Flexibility and creativity in applying industry practices to solve complex problems.
  • Strong interpersonal communication skills in English, both verbal and written.
  • A demonstrated ability to work in teams is highly desirable.

This vacancy is now closed.