Your part of the deal:
You will be working in the CT CSDR project team to deliver and support CT's required contribution to the CSDR outsourcing cross-divisional working group, along several key dimensions:
1- Support Compliance, Procurement and Legal to perform the risk assessment of CT's Critical Service Providers, using CPMI-IOSCO's oversight expectations applicable to CSPs as required by the regulator (cf.
2- Coordinate with the CT CSDR project team any questions requiring interactions with the external providers and any required involvement of the CT business/contract owners
3- Follow up on the initial risk assessments of the CSPs, on any mitigating actions and residual risks, ensuring that the risk assessment methodology becomes embedded in CT operational processes for a regular review/recertification of the CSPs' risk profiles
4- Contribute to the CT CSDR project team overall effort to set up the operational monitoring and control processes of CSPs, and roll out these processes to CT internal stake-holders and senior management (Technical Domain Owners and CT contract owners)
The challenge is to transpose the CPMI-IOSCO guidelines to the company context and to apply them taking into account the specific nature and products/services of CT's CSPs while ensuring that this new risk assessment exercise does not remain a one-off initiative but is turned into a formal repeatable and sustainable practice in the CT organisation.
Since the new CSD regulation is requiring a formal and explicit oversight, risk assessment and controls on the CSPs, you will be expected to deliver a systematic and standardised documentation providing a comprehensive articulation of the risk assessment in a language that is understandable by both the business and IT.
Given the forced/mandatory nature of the initiative and the aggressive time frame imposed to reach full compliance, we are looking for an experienced IT Vendor Risk Management analyst profile, i.e.:
- Experience (3+ years) in managing service provider/supplier relationships, demonstrating influencing and negotiation skills to align internal and external stake-holders
- Experience in vendor risk management - risk analysis minded, analytical but strategic thinking and logical reasoning, able to articulate risks and mitigating actions in a very clear way
- Interpersonal, presentation and written communication skills in IT and business language, both with technical experts and senior management
- Strong team player with integration skills (joining people and processes), while also demonstrating work autonomy and leadership to define and drive action plans
Fluency in English is required (French and/or Dutch are a plus)
Our part of the deal:
The IT supply chain is constantly evolving in most large IT organisations with the additional challenge from the new regulation of increased controls and risk management: we offer you a key position providing you with the opportunity to develop core competencies in risk management with external providers and in shaping the internal processes for managing external third parties.
Focusing on outsourcing and critical service providers, you will join a stimulating international team supporting all company group entities, allowing you to grow your understanding of IT and business services across the group. Your role will combine field work, cross-divisional collaboration and contacts with senior people in the company.
This position starts as soon as possible from March 2017 for 6 months until end August/September 2017 (potential extension subject to approval after this first phase).