IT Risk and Control Assurance

The Contraste Europe Group builds strong relations with its clients. It offers a range of IT services such as: Advisory, Solutions, Applications and Infrastructure. The Group’s sector focus is with finance, utilities, public institutions and non-commercial organisations. We are operating on three countries located in Belgium, Luxemburg and France.

For one of our major clients in the financial sector, we are looking for a IT Risk and Control Assurance.

Category

Advisory Services

Function

Risk & Compliance Manager

Language(s)

French, Dutch, English

Reference

200225/0229

Location

Brussels

We offer

We Offer:

• A challenging position in a fast growing company with an international presence.
• A stimulating working environment with a really good team spirit maintained by lots of internal events (teambuilding, ...).
• A dynamic culture focused on personal development.
• A wide range of training and career development opportunities.

Your profile

• University degree or equivalent experience (education in computer science or engineering is a plus)
• Fluent knowledge of English (verbal, writing, presentation). French and/or Dutch is a plus
• Experience in the IT delivery and / or operational activities, in IT risk and control environment or equivalent experience
• Critical mind-set and ability to challenge and influence middle management and IT experts
• Strong risk mind-set: you aspire to a culture of excellence
• Strong leadership and communication skills, both on the field, in the team or with management: you are a keen team player and coordinate work amongst people from different areas or divisions. A good relationship builder with strong diplomacy skills
• You are a highly motivated self-starter and quick learner and you are able to work proactively in a challenging environment with conflicting or competing priorities
• Strong analytical and risk assessment skills. You know how to break down complex risk situations into manageable pieces and to address logical links and dependencies. You can distinguish essential information and summarise it accordingly. You see how information is linked and you recognise common patterns in elements that seem unrelated at first
• Experience in large multi-platform based IT environments, such as IBM Mainframe and distributed systems
• Process-minded and good knowledge of the key principles of the IT related frameworks such as COBIT, ITIL, Agile and PRINCE2 is a plus (no certification is required)

Your role

Your day-to-day responsibilities:
• Provide an independent assurance to key stakeholders on the design adequacy and operating effectiveness of the IT internal control system.
• Contribute to an adequate understanding the IT residual risk profile (for comparison with the risk appetite)
• Contribute to a reduction in the number of unexpected observations raised by auditors (by identifying the most severe weaknesses prior to further examination by 2nd and 3rd lines of defence and external auditors)
• Contribute to the single IT control environment covering all IT divisions, by assessing and reporting on the IT control maturity versus key controls, policies, procedures and standards relevant to IT.
• Contribute to the design, preparation and delivery of the appropriate risk & control reporting as required by the management, business entities and second and third lines of defence.
• Ensure clearance of the assessment findings with 1st line management
• Contribute to an up-to-date risk and control assessments dashboard
• Adopt the Risk Champion role towards the IT first line of defence, balancing providing guidance on the risk framework and maintaining the necessary independency.
Your responsibilities in the group Risk transformation:
• Provide a key contributing role to embed the IT Risk Control Framework in the full IT organization (1500 people)
• Actively participate in the Risk Transformation: as part of the IT Assurance & Testing you will support the implementation of the necessary changes and work in a continuous improvement mind-set (e.g. development and maintenance of sampling strategies, assessment checklists, evolution of the assessment reporting, adoption of Risk Champion role, new corporate risk tooling, embedding or automation of controls in IT processes.
• Take part in the assessment and improvement of the IT risk education programme, in order to increase the Risk culture, awareness and mind-set in IT and help the IT first line to translate it into concrete behaviours.
• Occasional traveling to London and/or Paris may be required (frequency not higher than once a month per location).