Entity Risk Officer
Role Description
The Entity Risk Officer supports risk, control and outsourcing related procedures of the Operating Entity.
Given the critical role of the Operating Entities and the related risks, the Entity Risk Officer is 100% dedicated to risk (full-time).
The organizational set-up of the function and the appointment or dismissal of the Entity Risk Officer requires pre-alignment with the Regional Risk Officer and the AZ Technology CRO.
Reporting
The Entity Risk Officer has a direct reporting line to the Regional Risk Officer. For some ad-hoc tasks, the Entity Risk Officer might work reporting directly to Head of OpIT
Qualification
Multi-year professional experience, in different areas of IT risk management or other safeguarding functions
Good understanding of the risk categories: operational risk, IT risk, project risk, third party risk, business risk
Good knowledge of local service landscape and supplier relationships
Basic knowledge of local regulatory environment and standards like: COBIT 2019, COSO, ISO27xxx, ISAE/SOC
Strong communication and conflict management skills
Advanced skills in MS Office, knowledge of ORGS, SNOW, MicroStrategy is a plus
Responsibilities
•Actively acts as interface with Allianz SE / AZ RE and its Business Units and supports Allianz Technology incl. its departments, services, tribes or projects with the implementation of the Risk Policy Framework (Risk Policy, IRCS Policy, AZTEC Outsourcing Policy, TPRM Standard)
•Supports in project mode OP IT related projects like NFRM etc or other related projects
•Oversees and monitors compliance with the Risk Policy Framework
•Contributes to the improvement of Allianz Technology’s risk culture
•Reports of any material risk management related information to the AZ Technology CRO and/or respective central risk management team (high risk situations, exceptions and risk acceptances) and contributes to the Allianz Technology Risk Committee reporting
•Coordinates the implementation and regular performance of the Integrated Risk and Control System (IRCS) Cycle and Third-Party Risks Management (TPRM) Cycle
•Ensures clear allocation of Risk and Control ownerships including Business ownerships for outsourced functions or services
•Coordinates risk assessments (including outsourcing risk assessments), supporting the business in control implementation, documentation and performance, development of mitigation plans and its follow up
•Coordinates activities with other expert functions, in particular Data Privacy, Information Security, Protection & Resilience
•Supports Business Owners and TPRM team in the identification and classification of outsourcing contracts and in fulfilling outsourcing requirements according to the Policies and Standards (e.g. Outsourcing Due Diligence, Exit Plans)
•Performs quality assurance on the outcomes of the IRCS and TPRM cycle
•Plans and coordinates control testing activities (including own performance of independent control testing) in accordance with the testing scope defined by Allianz Technology central Risk Management team
•Supports the business owners in preparing and reviewing approval of Global Project Portfolio (former NBM) applications or other project and program risk assessments incl. their follow up on mitigation actions
The Entity Risk Officer supports risk, control and outsourcing related procedures of the Operating Entity.
Given the critical role of the Operating Entities and the related risks, the Entity Risk Officer is 100% dedicated to risk (full-time).
The organizational set-up of the function and the appointment or dismissal of the Entity Risk Officer requires pre-alignment with the Regional Risk Officer and the AZ Technology CRO.
Reporting
The Entity Risk Officer has a direct reporting line to the Regional Risk Officer. For some ad-hoc tasks, the Entity Risk Officer might work reporting directly to Head of OpIT
Qualification
Multi-year professional experience, in different areas of IT risk management or other safeguarding functions
Good understanding of the risk categories: operational risk, IT risk, project risk, third party risk, business risk
Good knowledge of local service landscape and supplier relationships
Basic knowledge of local regulatory environment and standards like: COBIT 2019, COSO, ISO27xxx, ISAE/SOC
Strong communication and conflict management skills
Advanced skills in MS Office, knowledge of ORGS, SNOW, MicroStrategy is a plus
Responsibilities
•Actively acts as interface with Allianz SE / AZ RE and its Business Units and supports Allianz Technology incl. its departments, services, tribes or projects with the implementation of the Risk Policy Framework (Risk Policy, IRCS Policy, AZTEC Outsourcing Policy, TPRM Standard)
•Supports in project mode OP IT related projects like NFRM etc or other related projects
•Oversees and monitors compliance with the Risk Policy Framework
•Contributes to the improvement of Allianz Technology’s risk culture
•Reports of any material risk management related information to the AZ Technology CRO and/or respective central risk management team (high risk situations, exceptions and risk acceptances) and contributes to the Allianz Technology Risk Committee reporting
•Coordinates the implementation and regular performance of the Integrated Risk and Control System (IRCS) Cycle and Third-Party Risks Management (TPRM) Cycle
•Ensures clear allocation of Risk and Control ownerships including Business ownerships for outsourced functions or services
•Coordinates risk assessments (including outsourcing risk assessments), supporting the business in control implementation, documentation and performance, development of mitigation plans and its follow up
•Coordinates activities with other expert functions, in particular Data Privacy, Information Security, Protection & Resilience
•Supports Business Owners and TPRM team in the identification and classification of outsourcing contracts and in fulfilling outsourcing requirements according to the Policies and Standards (e.g. Outsourcing Due Diligence, Exit Plans)
•Performs quality assurance on the outcomes of the IRCS and TPRM cycle
•Plans and coordinates control testing activities (including own performance of independent control testing) in accordance with the testing scope defined by Allianz Technology central Risk Management team
•Supports the business owners in preparing and reviewing approval of Global Project Portfolio (former NBM) applications or other project and program risk assessments incl. their follow up on mitigation actions