The Central Bank of Ireland serves the public interest by safeguarding monetary and financial stability and by working to ensure that the financial system operates in the best interests of consumers and the wider economy.
We currently have a vacancy for a Senior Technology Risk and Inspections Specialist on a contract of indefinite duration in the Governance and Operational Resilience and Risk Management Division.This role is aligned with the Bank Professional 2 grade and the BP2 salary scale applies. New entrants will commence on Point 1 of the relevant salary scale, in this case the starting salary will be €89,943.00. Please click here for further information on our salary scales."
Digital operational resilience is a fundamental underpinning of a resilient and well-functioning financial system supporting the economy and serving the needs of consumers and citizens.
One of the key elements of the Digital Operational Resilience Act (DORA), which became enforceable on 17th January 2025 is bringing the critical third-party providers (CTPPs) of ICT services to financial entities under an oversight regime at EU level. This reflects the important role that these CTPPs have in the functioning of the financial system, as vulnerabilities in their operations could disrupt financial services, with potentially large and negative knock-on effects for both the financial sector and the real economy.
Your Team:
You will be joining a team of technology and outsourcing/third-party risk experts at the start of an exciting new mandate for the European Supervisory Authorities (ESAs) with support of the Central Bank with regard to oversight of CTPPs. This team will act as a centre of expertise in general outsourcing / third-party risk management, and with a particular focus on Third Party Providers: IT risk management, IT operations, business continuity management, cyber security and emerging technologies. The team is responsible for providing Third-Party and Outsourcing Risk related support, IT risk in relation to TPPs, and support and advice across the Central Bank's supervision teams, carrying out inspections, and supporting the ESAs in their oversight of CTTPs.
The Role:
Senior Technology Risk and Inspections Specialist - Third Party Technology Risk: The role holder will spend the majority of their time working as part of the risk and inspection team: Third Party Risk and Oversight. The majority of the working time will be from the Central Bank's offices in North Wall Quay, Dublin 1 (including working from home, as per the Central Bank's policy). However, there may be travel opportunities and applicants will be asked what availability and interest level they have in relation to travel.
Reporting to the Third Party Risk and Oversight Team Manager, the team member's responsibilities are set out in detail below.
Responsibilites:
* Lead teams in conducting On-Site Inspections, ensuring they take into account the relevant legislative requirements, guidelines, industry best practice and peers so the inspections are comprehensive. Lead the engagement with senior management of relevant entities with regard to the final findings and factual accuracy of the reports to ensure there is full comprehension of the assessment;
* Contribute to the supervisory strategy for third-party risk (including ICT third parties) to ensure appropriate oversight by the Central Bank of third-party risk across all relevant financial services sectors, including addressing the conclusions of the risk assessments of CTPPs as provided by the Joint Examination Teams (JETs) and integrate them into the Bank's supervisory follow up;
* Take a lead role in implementing the strategy for assessing general and ICT third-party risk using the appropriate tools and resources e.g. thematic reviews, deep dive reviews, reliance on data analytics etc., working closely with the Risk and Inspections Manager, to contribute to robust supervision;
* Working closely with the Risk and Inspections Manager, lead the team in identifying the emerging issues and evolving landscape for the relevant risk areas through horizon scanning, peer analysis and data analysis. This includes the on-going surveillance of issues and leading input into the design of the On-site inspection programme to ensure the programme is appropriate and thorough;
* Take a lead role in providing detailed technical expertise across the Central Bank for ICT third-party risk, particularly regarding complex issues, so the recipients, particularly supervisors, are fully informed when making supervisory assessments and decisions;
* Manage and foster good working relationships with internal and external stakeholders, ensuring concerns/queries are appropriately addressed, to help deliver the division's mandate. This includes collaborating with the Policy and Risk Directorate and the Supervisory Directorates to influence how this risk is supervised in Ireland and across Europe – e.g. policy formulation and implementation;
* Represent Ireland on relevant domestic and EU fora as required, delivering strong influence for the Central Bank on such bodies. Provide briefings to Central Bank representatives on national and international fora as/if required to ensure Central Bank interests are appropriately represented and relevant stakeholders are informed;
* Lead the provision of training and knowledge sharing within the team and across the Pillar/ Bank for the relevant risk area so it's understood and contributes to robust supervision;
* Contribute to the development of the Horizontal Directorate strategy and operational plans. Ensure the delivery of the relevant Directorate Balance Scorecard objectives and take responsibility for delivery of key elements of projects relevant to the Directorate.
While the primary responsibilities, for the role are set out above opportunities may arise to work on the ESAs' Joint Examination Teams (JETs) in an ad hoc or full time role and the responsibilities in relation to this are:
* Working closely with the Overseers (the European Supervisory Authorities (ESAs)) to assess whether each critical ICT third-party service provider (CTPP) has in place comprehensive, sound and effective rules, procedures, mechanisms and controls to manage the ICT risk, which it may pose to financial entities;
* Conduct examinations (general investigations, inspections) of CTTPs, taking into account the relevant legislative requirements, guidelines, industry best practice and the ESAs internal processes and methodologies;
* Assess and analyse all information that is necessary for the Overseers to carry out its duties under DORA, including all relevant business or operational documents, contracts, policies, documentation, ICT security audit reports, ICT-related incident reports, security and vulnerability assessments, as well as any information relating to parties to whom the critical ICT third-party service provider has outsourced operational functions or activities;
* Assist in the preparation and drafting of the individual annual oversight plan describing the annual oversight objectives and the main oversight activities planned for each critical ICT third-party service provider;
* Draft the recommendations addressed to the critical ICT third-party service following the conduct of examinations, which may concern the following: the overall ICT governance related arrangements of the CTPP, the use of specific ICT security and quality requirements or processes, the use of conditions and terms in the arrangements between the CTPP and financial entities and between the CTPP and its service providers, including their technical implementation, which the Overseers deem relevant for preventing the generation of single points of failure, the amplification thereof or for minimising the possible systemic impact across the EU's financial sector in the event of ICT concentration risk;
* Take a lead role in providing technical expertise and support to the joint examination team (JET) and Overseers on a range of information technology, technology risk and operational risk issues. Contribute to identifying the emerging technology issues, and evolving technology landscape through horizon scanning, peer analysis and data analysis.
* Follow up on the findings and actions included in the recommendations issued by the overseers with the ultimate goal to verify if the risks identified are properly mitigated.
* Prepare presentations and reports on the work carried out for the various governance bodies and relevant stakeholders, as deemed necessary.
Requirements:
*
o Third level honours degree or professional qualification in a related professional discipline (e.g. information technology, computer science, information security, IT auditing and IT governance);
* Minimum 8 years relevant experience in Information Technology and/or IT Auditing related field;
* Background working in financial services, insurance, cloud service providers, ICT third-party providers, or consultancy-side highly desirable;
* Expertise in at least one or more of the following areas: IT risk; Operational Risk; IT security; IT availability and continuity; IT change; IT outsourcing; IT data integrity;
* Professional certification such as CISA, CISSP, CISM or CRISC qualification desirable;
* Strong understanding/experience of IT industry/regulatory frameworks (e.g. COBIT, ISO, ITIL, NIST, etc.) and relevant financial regulations (e.g. EBA, EIOPA, MiFID2, DORA, etc.) would be advantageous;
* Excellent verbal and written communication skills in particular the ability to draft inspection/assessment outcomes and communicate these to internal/external stakeholders;
* Proven ability to critically assess complex / once off issues and problems with the ability to distil significant volumes of information, identifying solutions for root causes of issues;
* Detail-oriented and thorough – accuracy and attention to detail is key;
* Organised and able to manage time effectively to meet deadlines;
* Excellent capability in managing and deliver difficult / contentious issues with regulated entities including having an ability to challenge senior management and the c-suite level on subjective issues where supervisory judgement is essential;
* Strong people management, coaching and leadership skills;
* Acting professionally, ethically and with integrity.
We know it's our people who make the Central Bank special and we are focused on creating a diverse, inclusive, fulfilling and progressive work environment. We encourage applications from candidates with different backgrounds, experiences and perspectives as it strengthens us, as individuals and as an organisation. We are committed to positively supporting candidates with disabilities. We are committed to positively supporting candidates with disabilities. If we can make any reasonable accommodations for you in the recruitment process in order to give you the opportunity to perform to your best, please email our Disability Inclusion Partner at. Any information that you provide will be used only for the purposes of providing relevant support and will have no bearing on how your application will be viewed.
We have implemented a hybrid working model to balance the flexibility working from home provides with the value our office environments bring to support collaboration and connection with colleagues. Our approach to hybrid working enables colleagues to work from home up to 50% of working days, building on an existing broad range of flexible working policies and practices already in place to support our people achieve the right balance.
Our policies also provide insight into our organisational culture, work environment and working arrangements. Here are some of the key policies (subject to ongoing review and amendment) which may be of interest as you consider a career with us.
The Central Bank pension scheme mirrors the rules of the civil service pension scheme. Therefore if you are in receipt of civil/public service pension, abatement may apply to your current pension. Details of the appropriate pension scheme will be provided upon determination of the appointee's status.
Application Details:
Closing Date: Sunday 11th January
To apply, please complete the application form attached (via the "apply" link).
Before starting your application you will be asked to create a profile with us, this will allow you to track and review your application throughout the process. Click "register" to create a profile and complete the application process.
Once your application has been successfully submitted you will receive an automatic email from us acknowledging receipt. If you do not receive this auto-acknowledgement, please contact
Cuirfear fáilte roimh iarratais i nGaeilge
The Central Bank of Ireland is an equal opportunities employer.