The Risk Resilience Officer assists the Chief Risk Officer in the translation of the company's and Baloise Group's risk appetite and risk policies into the IT Risks, Business Continuity Risks and Outsourcing Risks for Baloise Assurances Luxembourg S.A., Baloise Vie Luxembourg S.A. and Baloise life Liechtenstein AG. Under the responsibility of the Chief Risk Officer, he or she ensures the effective operation of the risk management system for IT, Outsourcing and BCM topics, executing the risk and governance program and maintaining an organization-wide and aggregated view on the company's risk profile.
The Risk Resilience Officer will be in charge of the following roles and activities:
· Acts as IT Risk Officer for Baloise Luxembourg and Liechtenstein as defined by DORA regulation. The main activities are composed of the following:
o Supports the implementation and maintenance of IT Internal Controls
o Coordinates and support the annual IT Risk and Control Self-Assessment exercises
o Coordinates IT Incident management process and reporting to the regulators
o Performs quarterly IT Risk Reporting to the Risk Committees
o Supports the setting, prioritisation and monitors the implementation of IT Risk Management actions
· Acts as Business Continuity Management (BCM) Officer for Baloise Luxembourg. The main activities are composed of the following:
o Maintains the BCM Framework and Crisis Management plan
o Performs annual review of Critical and Important Functions (CIFs) and Strategic and Operational Business Impact Analysis (BIAs)
o Drive the execution of the annual BCM testing and perform annual BCM training to local SMEs
o Implementation of BCM reporting to both group and local risk committees and ensure prioritisation and monitoring of BC mitigating actions
· Acts as Outsourcing Risk Officer for Baloise Luxembourg and Liechtenstein. The main activities are composed of the following:
o Support the 1st line teams in identifying critical and important Outsourcers and IT Vendors
o Coordinate and support the annual assessment of Outsourcing services, incl. concentration risk
o Agreement and follow-up of action plans
· Master’s degree in IT, Information Security, Risk Management, or equivalent;
· Involvement in DORA project implementation in previous Financial entity would be considered as an asset;
· 4 - 5 years of experience in a similar position, preferably in the insurance sector, is desirable;
· Strong reporting skills, high degree of independence, affinity with IT Risk management, Business Continuity Management from Insurance or Banking sector preferably;
· Experience in writing internal policies, documenting processes, risk and controls ;
· Fluent in English and French. German is considered as an asset in the communication with Head Office;
· Strong analytical skills. Detail-oriented and ability to interpret IT Risks, threats and best practices;
· Team player, flexible, ability to work in a fast paced environment;
· Excellent communication and presentation skills;
· Excellent IT skills, in particular MS Excel, Word and PowerPoint.
