Head of IT Risk Officer for APAC-ME

Summary

Job description

The Information Technology Risk Office (ITRO), within Risk Management and Control (RMC), is responsible for the end to end execution, coordination, challenge, and continuous enhancement of ICT risk management in alignment with Group standards and applicable regulatory requirements.

The Head of IT Risk Officer for APAC-ME will directly report to the Regional Head of Risk Management and control department and functionally report to Head of IT Risk Officer Head office. He will work in close relationship with him and follow the same standard and process.

Key Responsibilities

• ICT Risk Strategy & Governance
• Contribute to Group and Regional ICT risk management by monitoring and reporting ICT risk levels across local and regional information systems and processes
• Prepare ICT risk reporting for management and governance bodies. Provide a local vision for ICT risk deliverables, reflecting regional IT environments and operational realities.
• Support alignment of ICT risks with business strategy and risk appetite
• ICT Risk Identification, Assessment & Monitoring
• Perform and coordinate:
• Annual ICT risk assessments
• IT Risk Self‑Assessments (IT Radar)
• Ensure full coverage of all nine ICT risk domains
• Monitor emerging ICT risks related to technology evolution, operational changes, suppliers, or incidents
• Identify early indications of material risks or potential risk appetite breaches
• Regulatory Watch, Interpretation & Gap Identification
• Perform regulatory watch on ICT‑related regulations and supervisory expectations (e.g. MAS TRM, HKMA)
• Analyse regulatory requirements and identify gaps against existing ICT risk practices
• Propose remediation actions and coordinate follow‑up with stakeholders
• Translate regulatory expectations into operational and technical ICT risk considerations for management
• ICT Risk Controls & Internal Control System (LoD 2.1)
• Identify and maintain local owners for each ICT risk type
• Establish, maintain, and execute Level 2.1 ICT risk controls
• Ensure appropriate Level 1 controls are designed and performed locally
• Challenge control design and implementation choices prior to execution
• Risk Metrics, Dashboards & Transparency
• Ensure accurate regional ICT risk data feeding into the Risk Operational Dashboard (ORD)
• Define and instantiate regional KPIs and KRIs where relevant
• Produce ICT risk dashboards and management risk summaries
• Highlight trends, deteriorations, interdependencies, and forward looking ICT risk concerns
• ICT Risk Management Tooling
• Ensure deployment, usage, and maintenance of IT Risk Management tooling
• Raise regional specificities during tooling design or evolution phases
  
  

Complément

• Incidents, Lessons Learned & Audit Follow Up
• Analyze historical ICT and cybersecurity incidents
• Identify recurring root causes, systemic weaknesses, and improvement opportunities
• Integrate lessons learned into risk assessments and control enhancements
• Follow up critical ICT related audit recommendations and track remediation
• 4.8 Advisory, Stakeholder Challenge & Risk Culture
• Provide constructive challenge to IT, project, infrastructure, and supplier stakeholders
• Advise CIO, IT management, and business stakeholders on ICT risk implications
• Promote ICT risk awareness and contribute to strengthening risk culture
• 4.9 Governance Reporting & Escalation
• Highlight significant ICT risks, dependencies, and remediation challenges
• Provide independent risk opinions, RCSA assurance, and formal ORM escalations
  
  

Application criteria

Company Crédit Agricole CIB

About Crédit Agricole Corporate and Investment Bank (Crédit Agricole CIB)

Crédit Agricole CIB is the corporate and investment bank of the Crédit Agricole group, the 10th largest banking group in the world *.

We support major companies and financial institutions in their development and the financing of their projects.

As pioneers in responsible finance, social and environmental commitments are at the heart of our activities.

Joining our teams means working in a multicultural environment, both dynamic and stimulating, where you will contribute to developing a sustainable economy.

We support employees throughout their journey: you will develop your skills and access various mobility opportunities among the diversity of our businesses in more than 30 international locations.

Our culture is built on collaboration, innovation and openness, where everyone is valued and empowered.

By working every day in the interest of society, Crédit Agricole CIB aligns with the Group values committed to diversity and inclusion and placing people at the heart of all its transformations.

All our jobs are open to people with disabilities. We welcome applications from candidates of all backgrounds and experiences.

Ready to take part in our mission

• By balance sheet size - The Banker, Juillet 2025