Project Description:
The Control Office, part of the COO division, is responsible for:
- Monitoring the implementation of the non-financial risk management framework.
- Designing and reviewing effective and adequate frameworks of internal control mechanisms in cooperation with the Client infrastructure/business functions, with a particular focus on so-called 'lessons learned' and 'health checks'.
- Supporting risk managers in implementing and improving the framework of internal control mechanisms.
- Establishing a review process of the operational risk profile.
- Monitoring and reporting control indicators.
- Improving behavioral standards through increased awareness (in collaboration with HR and Compliance).
Following the split and IPO in 2018, Client has begun to become independent from its previous organization, but significant dependencies remain, particularly in the areas of IT infrastructure, applications and information security (IS).
In 2024, a transformation program is launched to ensure that Client's IT infrastructure is separated, thus ending this dependency.
After completion of this initiative, Client will have sole responsibility for its entire IT environment and, as one of the world's leading asset managers, must therefore have adequate management and control mechanisms in place.
To support the organization in this, new job profiles are currently being created in the Control Office.
The newly created job profile of the 'Senior Business Control Officer for Information Security' will report to the Head of the Control Office team for COO and work closely with the Chief Information Security Office, the Technology Governance Team, those responsible for applications and IT infrastructure, and the function responsible for information security in the 'Second Line of Defense'.
Responsibilities:
- Ensuring the implementation of the priorities of the organization and the Control Office such as findings management, post-incident reviews, risk & control assessments, scenario analyses, monitoring of risk appetite, risk metrics, and transformation activities regarding IT and IS risk management.
- Working with the Chief Information Security Office and the Technology Governance Team to create a context-specific framework and governance processes that enable IS and IT risks to be identified, managed, and reported on, including appropriate dashboards and metrics for the future multitude of IT service providers.
- Support in determining, reviewing, and adjusting the organization's risk appetite with regard to IS; monitoring the IT and IS risk profile with regard to risk appetite and corresponding reporting.
Mandatory Skills:
- Cloud Concepts.
- Control Objectives for Information and Related Technologies (CobiT).
- ISO 27000 Standard.
- IT Security.
- Operational Risk Management.
Mandatory Skills Description:
- 15+ years of experience in information technology at an enterprise level.
- 5+ years of experience in security (technical and organizational aspects), ideally in combination with experience in the financial industry, management consulting, auditing, or a technology company.
- Solid knowledge of relevant industry-specific and regulatory investigation methodologies and/or standards (e.g. ISO/IEC 27000 Series, COBIT5) required.
- University degree (computer science, business administration, natural sciences, or comparable); focus on information technology and information security preferred.
- Knowledge of the principles of operational risk management and experience in risk management.
- Advanced knowledge of MS PowerPoint, Excel and Word.
- Very good knowledge of English (spoken and written).