IT & Operational Risk H/F Amundi

Reporting to the CIO, theIT Risk Owner (ITRO)is afirst line of defenserole responsible for managing ICT risk within its scope, coveringgovernance, operations and incidents, projects and application development, suppliers, obsolescence and compliance. The ITRO helps consolidate the overall ICT risk view and coordinates with the relevant stakeholders to ensure comprehensive risk coverage.

Key responsibilities
Contribute to the definition of the entity'sICT risk appetiteandDigital Operational Resilience Strategy (DORS).
Help design, maintain and improve theICT risk management framework, in coordination with other risk stakeholders.
Identify, assess and monitorICT risks within the scope of responsibility, and escalate cross-cutting risks where needed.
Lead and track remediation actionsand the ICT risk action plan.
Define and monitorKPIs/KRIs, produce dashboards and supportrisk reportingto governance bodies.
Monitor developments in the internal and external environment, includingregulations, standards, technologies and emerging risks.
Contribute to Group-levelassessment and control campaignsand governance activities.
Ensure ICT risk is properly addressed inprojects, whether internal or outsourced.
Advise the CIO, project managers, business lines and functions on ICT risk matters.
Raise awareness and providetrainingon ICT risk across the entity.
Coordinate the maintenance ofreference architectures, asset mapping and dependencies, including third-party relationships.
Contribute to the management ofICT incidents and crises, in cooperation with the relevant stakeholders.
Define and run theLevel 2.1 control plan, and ensure Level 1 controls are performed.
Support internal control reporting and periodic reviews of the ICT risk management framework.
Assess third parties used by the entity and ensureDORA compliance.
Support the entity in itsdue diligenceand DORA compliance towards external clients.