The Control Office, part of the COO division, is responsible for:
- Monitoring the implementation of the non-financial risk management framework
- Designing and reviewing effective and adequate frameworks of internal control mechanisms in cooperation with the Client infrastructure/business functions, with a particular focus on so-called 'lessons learned' and 'health checks'
- Supporting risk managers in implementing and improving the framework of internal control mechanisms
- Establishing a review process for the operational risk profile
- Monitoring and reporting control indicators
- Improving behavioral standards through increased awareness (in collaboration with HR and Compliance)
Following the split and IPO in 2018, Client has begun to become independent from its previous organization, but significant dependencies remain, particularly in the areas of IT infrastructure, applications and information security (IS). In 2024, a transformation program is being launched to ensure that Client's IT infrastructure is separated, thus ending this dependency.
After completion of this initiative, Client will have sole responsibility for its entire IT environment and, as one of the world's leading asset managers, must therefore have adequate management and control mechanisms in place. To support the organization in this, new job profiles are currently being created in the Control Office.
The newly created job profile of the 'Senior Business Control Officer for Information Security' will report to the Head of the Control Office team for COO and work closely with the Chief Information Security Office, the Technology Governance Team, those responsible for applications and IT infrastructure, and the function responsible for information security in the 'Second Line of Defense'.
- Ensuring the implementation of the priorities of the organization and the Control Office such as findings management, post-incident reviews, risk & control assessments, scenario analyses, monitoring of risk appetite, risk metrics, and transformation activities regarding IT and IS risk management
- Working with the Chief Information Security Office and the Technology Governance Team to create a context-specific framework and governance processes that enable IS and IT risks to be identified, managed, and reported on, including appropriate dashboards and metrics for the future multitude of IT service providers
- Support in determining, reviewing, and adjusting the organization's risk appetite with regard to IS; monitoring the IT and IS risk profile with regard to risk appetite and corresponding reporting
Must have
- 15+ years of experience in information technology at an enterprise level
- 5+ years of experience in security (technical and organizational aspects), ideally in combination with experience in the financial industry, management consulting, auditing, or a technology company
- Solid knowledge of relevant industry-specific and regulatory investigation methodologies and/or standards (e.g. ISO/IEC 27000 series, COBIT 5) required
- University degree (computer science, business administration, natural sciences, or comparable); focus on information technology and information security preferred
- Knowledge of the principles of operational risk management and experience in risk management
- Advanced knowledge of MS PowerPoint, Excel and Word
- Very good knowledge of English (spoken and written)
Nice to have
Additional certifications that would be advantageous include CISSP, CISA, ISO 27001 Lead Auditor, Six Sigma, or similar qualifications.
English: C2 Proficient
Lead
Luxoft, a DXC Technology Company (NYSE: DXC), is a digital strategy and software engineering firm providing bespoke technology solutions that drive business change for customers the world over. Acquired by U.S. company DXC Technology in 2019, Luxoft is a global operation in 44 cities and 21 countries with an international, agile workforce of nearly 18,000 people. It combines a unique blend of engineering excellence and deep industry expertise, helping over 425 global clients innovate in the areas of automotive, financial services, travel and hospitality, healthcare, life sciences, media and telecommunications.
DXC Technology is a leading Fortune 500 IT services company which helps global companies run their mission critical systems. Together, DXC and Luxoft offer a differentiated customer-value proposition for digital transformation by combining Luxoft’s front-end digital capabilities with DXC’s expertise in IT modernization and integration.