Overview
The First Line ICT Risk & Resilience Analyst is responsible for supporting the effective operation of the organization’s ICT governance, risk management, resilience, and incident response processes in line with the EU Digital Operational Resilience Act (DORA). The role focuses on ensuring ICT risk and resilience controls are implemented, maintained, and evidenced on a day-to-day basis, while coordinating with ICT Owners, the Operational Resilience Committee, and the wider business. This is a hands-on first line of defense role requiring close collaboration with technology teams, business units, second line oversight functions, and regulators. We are seeking a proactive ICT Risk & Resilience Manager to join our first line of defense team, working to ensure IT governance, risk management, and operational resilience practices meet regulatory requirements in collaboration with technology teams and business stakeholders.
You will work closely with IT teams and business stakeholders to implement controls, manage incidents, and support resilience testing.
Responsibilities
* Implement the ICT Risk Management Framework in day-to-day operations working closely with IT teams and other stakeholders.
* Maintain evidence of ICT control operation and track remediation of compliance gaps.
* Support management reporting by maintaining dashboards of ICT risk and resilience activities, incidents, and testing.
* Maintain and update the ICT risk register, asset inventories, dependency mapping, and business impact analyses.
* Participate in ICT incident management, including classification, reporting, and post-mortem reviews.
* Plan and deliver business continuity, disaster recovery, information security and other resilience tests.
* Conduct scenario-based walkthroughs to validate resilience against severe but plausible risks.
* Conduct due diligence and monitoring of ICT third-party providers, including maintenance of the register of ICT third-party providers.
* Support ICT governance, including preparation of committee materials and escalation of ICT risk issues.
* Collate and document first line evidence of resilience test results, remediation actions, and progress tracking.
* Demonstrate strong understanding of ICT risk management frameworks (e.g., NIST, ISO 27001) and operational resilience principles.
* Apply knowledge of DORA requirements and practical experience in ICT governance, risk, and compliance (GRC).
* Experience with disaster recovery and information security testing.
* Strong incident management and reporting skills.
* Collaborate across first and second line functions with a proactive, team-oriented approach.
* Exhibit excellent written and verbal communication skills, strong attention to detail, analytical thinking, and problem-solving capabilities.
You will be successful in this role if you have:
* Bachelor’s degree in information technology, information security, risk management, or related field
* 3-5 years of experience in ICT risk management, ICT operations, or ICT audit
* Professional certifications preferred (e.g., CISA, CRISC, CISM, CISSP)
* Experience with GRC platforms (e.g., AuditBoard) desirable
* Experience within financial services or other regulated sectors advantageous
* Familiarity with Generative AI tools such as ChatGPT for research, data insights, and productivity is a plus
* A flexible hybrid work schedule – Tuesdays, Wednesdays, Thursdays in the office
* Competitive benefits and paid time off
* Pension plan
* Educational and professional development financial assistance
* Employee referral bonus program
About Us
KBRA (Kroll Bond Rating Agency, LLC) is a full-service credit rating agency registered with the U.S. Securities and Exchange Commission as an NRSRO. Kroll Bond Rating Agency Europe Limited is registered as a CRA with the European Securities and Markets Authority. Kroll Bond Rating Agency UK Limited is registered as a CRA with the UK Financial Conduct Authority pursuant to the Temporary Registration Regime. KBRA is designated as a designated rating organization by the Ontario Securities Commission and is recognized by the National Association of Insurance Commissioners as a Credit Rating Provider. KBRA Europe is located at 2nd Floor, One George's Quay Plaza, George's Quay, Dublin 2 D02 E440.