Business Analyst with CyberSecurity

IT
April 9, 2024

Job Description

Job title: Business Analyst with CyberSecurity

Company: Luxoft

Job description:

Project description

Our client is an EU subsidiary of a Global Financial Institution. The role is for an experienced Business Analyst to join the bank’s Technology Resilience department and collaborate with the bank’s entities/branches to assist with their technology operational resilience compliance, where practical and/or required. The key objective of the project is to facilitate the entities’/branches’ compliance with the Digital Operational Resilience Act 2022/2554 (DORA). The overall aim of the DORA regulation is to ensure that all ICT services (with a focus on critical or important functions), including those supported by ICT third-party service providers and the underlying ICT assets, processes, systems and applications associated with those ICT services, are resilient. DORA also aims to ensure that those entities/branches can prevent, respond to and recover from ICT/technology disruptions.

Main purpose of the role

To implement requirements under the DORA regulation by January 2025, the Bank’s Technology Resilience is mobilising a large-scale programme of work to ensure regulatory and applicable standards are met. This will involve aligning internal ICT and external third-party ICT (including any ICT services provided through outsourcing) governance practices with DORA’s resilience pillars and incoming guidance published within future Regulatory Technical Standards (RTSs) and Implementation Technical Standards (ITSs). We are looking for a Business Analyst with an understanding of the new DORA regulation/requirements and the applicable Third Party Risk Management rules to support the programme from January 2024. The selected BAs will work across the six pillars of DORA, which have been determined as:

1. ICT Risk Management – Ensuring the bank’s entities/branches have internal governance and control frameworks that allow them to manage ICT risks effectively and prudently
2. ICT-related Incident Reporting – Reporting major ICT-related incidents to the relevant regulator
3. Digital Resilience Testing – Regularly carrying out digital operational resilience testing, including a range of assessments, methodologies, practices and tools
4. Information Sharing – Ensuring that any cyber threat information is shared amongst other financial entities to minimise the risk of future events
5. ICT Third Party Risk – Managing ICT third-party risk within their ICT risk management framework
6. General Governance Principles – Having a robust and well-documented ICT risk management framework in place that allows them to address ICT risks quickly and comprehensively

Across the above pillars, the role holder will need to work collaboratively with a blended team of the bank’s subject matter experts, legal resources, external consultancy, and broader business functions to facilitate compliance with DORA regulations/requirements.

Responsibilities

  • The role holder will be responsible for assisting the applicable bank’s entities/branches with being able to demonstrate meeting the following (non-exhaustive) testing requirements and understanding the aims of each: rapid reporting of cybersecurity incidents, visibility into an organization’s third-party dependencies, and the ability to respond to audit requests from regulators or customers.
  • Critical role in conducting the gap analysis to allow the bank to understand the scope and size of the uplift
  • Designing potential solutions to any problems identified during the gap analysis phase across all workstreams
  • Overseeing the implementation of approved process improvements
  • Preparing and delivering reporting of their findings to leadership with a comprehensive risk and impact assessment
  • Supporting the necessary branches/entities through the transition process
  • Contributing to the deployment plan and appropriate rollback plan, working with Workstream Leads and the Project Manager

The above responsibilities will be performed across both Core Banking and Securities under a dual-hat arrangement. Under the arrangement, the role holder will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the employing entity.

Skills

Must have

  • 5+ years’ experience supporting financial institution(s) in the capacity of a Business Analyst, preferably within top-tier banks
  • Previous experience working in IT cybersecurity
  • Willingness to work on-site from the Amsterdam office

Nice to have

  • Experience in related solutions around IRM and System Monitoring
  • Demonstrable evidence of working on similar operational resilience projects or regulatory compliance programmes within the financial sector
  • Knowledge and general understanding of EU DORA
  • Knowledge of Resilience Testing processes and controls
  • Knowledge of EBA outsourcing Guidelines, PRA SS2/21 (outsourcing and TPRM), ESMA Guidelines on outsourcing to cloud service providers and UK Operational Resilience regulatory requirements would be advantageous due to overlap with DORA.

Location: United Kingdom