IT Risk and Compliance (GRC) Analyst

Milano, 1/20/2020


Area description

The ICT & Security function develops and manages the software applications, the Bank’s technological infrastructure and related ICT Security aspects. It boosts the rationalization of all processes supporting business lines, through the collection of needs related to IT services and the promotion of technological opportunities offered by the evolution of the information system.

Function and Job
Primary Responsibilities and Activities

• Supporting the ICT department program by developing, implementing, maintaining and updating internal controls (policies, procedures, guidelines, controls framework) as required, including compliance with regulators and best-practice standards
• Aligning the IT policy with the organization's approach, guidelines, policies and plans
• Ensuring that IT compliance issues/concerns within IT are appropriately evaluated, investigated and resolved
• Identifying potential areas of vulnerability, risk and controls, developing/recommending corrective action plans to resolve problematic issues, and providing general guidance on how to avoid or deal with similar situations in the future
• Providing reports on a regular basis, and as directed or requested, to keep the company management informed of the operation and progress of compliance efforts.
• Designing methodologies for risk identification, analysis and management of ICT risks and controls
• Collaborating with teams across the company to promote and implement adequate practices and controls ensuring compliance with policies/plans/standards
• Coordinating responses to audit recommendations with appropriate ICT areas and subsequent responses with remediation or corrective action plans
• Conducting regulatory research related to governance, risk and compliance
• As needed, mapping business and user requirements into relevant system specs
• Where required, assessing, applying and designing the impact of system changes on users, internal and external clients and stakeholders


• Bachelor’s degree in computer science/engineering or equivalent
• Experience within the IT / high-transaction-volume / financial services industries
• At least 5 years of previous experience in an ICT Risk or ICT Governance role
• Previous experience in coordinating governance topics in a parent company
• Familiar with risk management and risk assessment concepts and methodologies

Knowledge & Skills:

• Ability to read, write and speak English (B2 or better)
• Ability to work with cross-organizational and cross-functional teams
• Possesses intermediate-level understanding of IT general controls (security, change management, disaster backup recovery, data center, etc.) and IT application control concepts (application processing controls, system reconciliations, interfaces, reports testing, workflows); proficient knowledge of system development lifecycle methodology, operating system and database platforms.
• Knowledge of IT frameworks and standards including COBIT 5, ITIL
• Awareness of the principles of IT Audit Management
• Awareness of banking regulations (Bankit 285, BCE, L.231, GDPR, PSD2, etc.)
• Ability to communicate risk topics to both technical and non-technical stakeholders
• Good problem-solving skills and attention to detail
• CISA, ITIL, CGEIT and other certifications in IT Governance topics are a plus


Not specified




Degree with Honours