




Job Summary: The IT Risk Manager will design, implement, and operate the technological risk framework for the Core Credit program, ensuring controls, continuity, and audit-ready evidence.

Key Highlights:

1. Design, implement, and operate the technological risk framework for Core Credit
2. Ensure preventive/detective controls, continuity, and resilience
3. Coordinate with Business and IT Operations to ensure uninterrupted critical processes

**Position: IT Risk Manager (Controls, Continuity, and Audit | Core Credit Program)**

**Department:** IT / Technological Risk / Internal Control (Credit Core and Ecosystem)

**Language Requirement:** Advanced English (mandatory)

**Job Objective**

Design, implement, and operate the **technological risk framework** for the program (applications, integrations, data, releases, and operations), ensuring **preventive/detective controls**, continuity and resilience, compliance, and **audit-ready evidence**, across specification, development, testing, migration, and stabilization phases. Coordinate with Business and IT Operations to ensure critical processes operate without material interruption and with **end-to-end traceability**.

**Financial Responsibility (Impact):** Reduces probability of outages and material operational events; prevents losses from data errors or unauthorized access; avoids regulatory penalties/non-compliance sanctions; and reduces remediation costs due to late findings.

**Requirements (Mandatory)**

* **5–6+ years** in IT risk/control within financial services.
* **3–5+ years** leading control/continuity teams or cells (multi-team).
* Experience in control governance, continuity/recovery, access management, change/release management, and data integrity.
* Knowledge of the **credit/cards ecosystem** and its operations (critical processes and dependencies).
* Proven experience testing controls in complex environments (development, integrations, and operations) with audit-ready evidence.
* Cross-functional coordination with Business, IT Operations, Security, and Data; executive communication for committees.
* **Advanced English** (mandatory).

**Key Responsibilities:**

1) Technological Risk Framework (inventory, policies, metrics)

* Define control policies, processes, and metrics for applications, integrations, data, access, and changes.
* Maintain risk and control inventory (owners, frequencies, required evidence, status).

2) Process- and Release-Level Risk Assessment

* Conduct assessments per workflow (origination, operations, collections, products/loyalty) and per version/release.
* Classify impacts, dependencies, and residual risk; prioritize mitigations and target dates.

3) Access and Segregation of Duties (SOD) Controls

* Design and oversee roles/profiles, segregation of duties, and periodic reviews in applications and support tools.
* Ensure complete evidence (onboarding/offboarding, recertification, exceptions, remediation).

4) Continuity and Resilience (BCP/DRP)

* Coordinate continuity/recovery plans, failover tests, and drills.
* Define and validate availability objectives, RTO/RPO, and resilience controls.

5) Data Integrity and Traceability

* Define logging/audit requirements, retention, and evidence accessibility.
* Ensure integrity and traceability of integrations and data loads/processes (referential integrity, reconciliations, controls).

6) Change and Release Management (Risk Criteria)

* Establish risk criteria for changes and releases; participate in Change Advisory Boards (CAB).
* Verify prerequisites, rollback plans, post-release validations, and “audit-ready” documentation.

7) Control Testing in SIT/UAT

* Design and execute technical/functional control tests: negative testing, resilience, and security.
* Manage findings, prioritization, and remediation to closure with evidence.

8) Incident and Problem Management (Risk Events)

* Coordinate incident response: outages, performance degradation, data errors, or unauthorized access.
* Execute runbooks, escalation, and follow-up on action/correction plans with owners and deadlines.

9) Compliance and Audit (Internal/External/Regulatory)

* Address regulatory requirements and audits; maintain documentation, logs, and traceability matrices.
* Ensure consistency and completeness of evidence for recurring reviews.

10) Governance and Training

* Report risk status to the IT Director/Committee (trends, top risks, mitigations, decisions required).
* Train teams on control, continuity, and security practices applied to the program.

**Desirable Knowledge and Tools (Plus)**

* ITIL/ITSM and CAB operations; Service Desk (Jira/ServiceNow) and Confluence.
* Continuity/recovery (BCP/DRP), internal control, and IT audit.
* Information security (controls, hardening, logging, IAM).
* Identity and access management (IAM) and recertification.
* BPM (process mapping and standardization).
* BI/Analytics (Power BI/Tableau) for risk dashboards.
* Experience with API/ESB integrations and monitoring/observability (logs/metrics/traces).

**Key Competencies (What We Will Assess)**

* Preventive mindset: anticipate failures and design controls prior to go-live.
* “Audit-ready” rigor: clear, traceable, and consistent evidence.
* Prioritization capability (impact, probability, residual risk) and execution against deadlines.
* Cross-functional leadership and executive communication (committees, trade-offs, decisions).
* Disciplined handling of high-criticality incidents with rigorous follow-up.

Employment Type: Full-time

Salary: $70,000.00 – $75,000.00 per month

Work Location: On-site


