Senior IT Risk Specialist

Ümumi məlumatThe Senior IT Risk Specialist plays a key role in identifying, assessing, and monitoring technology risks across Birbank’s IT landscape. The position supports the Head of IT Risk Division in maintaining the IT risk register, conducting risk assessments, preparing analytical reports, and ensuring compliance with internal standards and regulatory requirements.Öhdəliklər Participate in the identification, evaluation, and tracking of IT risks, ensuring accurate registration and updates in the IT Risk Register; Perform risk assessments for new projects, initiatives, and change requests, highlighting potential technology, cybersecurity, and operational risks; Conduct scenario-based risk analysis (e.g., system downtime, data integrity loss, control failures); Support control testing and assurance activities in coordination with IT and Information Security teams; Prepare periodic risk dashboards and reports for senior management and risk committees; Monitor compliance with CBAR and internal regulatory requirements, supporting audits and inspections; Assist in the maintenance of IT risk policies, procedures, and control matrices; Support review of risk indicators (KRIs) and report emerging technology risks; Collaborate with architecture, infrastructure, and DevSecOps teams to identify residual and systemic risks in IT processes; Contribute to improvement projects (automation, metrics dashboards, and risk documentation standardization).Tələblər Bachelor’s or Master’s degree in Computer Science, Information Security, or Engineering; Minimum 4–6 years of experience in IT Risk, IT Governance, or Information Security (preferably in financial institutions); Working knowledge of ISO 27001, NIST CSF 2.0, COBIT, PCI DSS, or equivalent frameworks; Experience with risk registers, control testing, and audit support processes; Familiarity with Basel principles and Central Bank regulations is an advantage; Preferred certifications: CRISC, CISA, or CISM; Strong analytical and reporting skills, with attention to detail; Effective communication skills, able to present technical findings to non-technical audiences; Ability to work independently, manage multiple tasks, and contribute to team-wide initiatives;Preferred Experience Using GRC tools Building KRI dashboards or risk visualization in tools like Power BI or Grafana. Experience in incident post-mortem analysis and root-cause documentation.