Who are we?
Amaris Consulting is an independent technology consulting firm providing guidance and solutions to businesses. With more than 1000 clients across the globe, we have been rolling out solutions in major projects for over a decade – this is made possible by an international team of 7,600 people spread across 5 continents and more than 60 countries. Our solutions focus on four different Business Lines: Information System & Digital, Telecom, Life Sciences and Engineering. We’re focused on building and nurturing a top talent community where all our team members can achieve their full potential. Amaris is your steppingstone to cross rivers of change, meet challenges and achieve all your projects with success.
At Amaris, we strive to provide our candidates with the best possible recruitment experience. We like to get to know our candidates, challenge them, and be able to give them proper feedback as quickly as possible. Here’s what our recruitment process looks like:
Brief Call: Our process typically begins with a brief virtual/phone conversation to get to know you! The objective? Learn about you, understand your motivations, and make sure we have the right job for you!
Interviews (the average number of interviews is 3 - the number may vary depending on the level of seniority required for the position). During the interviews, you will meet people from our team: your line manager of course, but also other people related to your future role. We will talk in depth about you, your experience, and skills, but also about the position and what will be expected of you. Of course, you will also get to know Amaris: our culture, our roots, our teams, and your career opportunities!
Case study: Depending on the position, we may ask you to take a test. This could be a role play, a technical assessment, a problem-solving scenario, etc.
As you know, every person is different and so is every role in a company. That is why we have to adapt accordingly, and the process may differ slightly at times. However, please know that we always put ourselves in the candidate’s shoes to ensure they have the best possible experience.
We look forward to meeting you!
Job description
We are seeking an experienced Operational and ICT Risk Management Specialist to maintain and enhance our Operational and ICT Risk Management Framework in collaboration with the Group Risk Management Function. The successful candidate will play a crucial role in analyzing incidents and loss events, conducting risk assessments, and supporting the development of risk policies and procedures.

PROFILE REQUIREMENTS:

University degree, preferably in Economics, Finance, Mathematics, or comparable studies.
Strong understanding of the Operational Risk Regulatory framework (Basel, CRR3).
In-depth knowledge of ICT Risk Management frameworks, industry standards, and regulations (e.g., ISO27 Standards, NIST Framework, DORA).
Good knowledge of the banking industry and processes.
Analytical, rigorous, with a keen attention to detail and accuracy.
High level of drive and resilience, with a strong sense of personal accountability and the ability to prioritize and deliver in a dynamic environment.
Excellent communication skills with the ability to challenge others and propose alternative solutions (problem-solving skills).
Proficient in written and spoken English & Italian

Maintain the Operational and ICT Risk Management Framework in collaboration with the Group Risk Management Function, including data loss collection.
Analyze incidents and loss events that occur in operational processes alongside the originating business unit.
Conduct lessons learned sessions with the originating business unit to prevent the recurrence of loss events.
Assist departments in performing Risk & Control Self Assessments (RCSAs) and in defining risk mitigating controls and measures, challenging the proposed assessments.
Review the results of the Risk & Control Self Assessments (RCSAs).
Understand technical IT and security architecture to identify vulnerabilities, threats, and risks in the IT landscape.
Support the technical function in setting up and maintaining the ICT risk inventory.
Assist in performing ICT risk assessments on ICT assets.
Monitor the Risk Appetite Framework concerning non-financial risks.
Conduct second-level controls related to MiFID on customer accounts and assets under management.
Support the regular review, updates, and implementation of relevant Risk Policies and procedures in coordination with the Group.