Enterprise Technology Risk Manager, AI/Cyber

Enterprise Technology Risk Manager (AI/Cyber)

The Enterprise Risk Department operates as an independent second-line risk function, responsible for developing and administering the enterprise risk framework used to identify, assess, and report risks. This function establishes parameters for risk management, identifies and escalates risks independently when necessary, and provides robust oversight and challenge across the business. Its objective is to ensure effective management of all business, financial, and non-financial risks faced by ICE Inc and its subsidiaries.

The Enterprise Technology Risk Manager (AI/Cyber) is part of the Risk Department within the second line of defense. The candidate will be a key part of the team executing the risk framework, covering all the risks faced by the ICE, working closely with all business lines and providing analysis and information directly to the senior management team. The responsibilities include oversight of the technology and operational risk activities namely - conducting risk and control assessments (RCSAs), Deep-dives, and review and assessment of material risks including - though not limited to -operational risk, and technology risk across all IT domains with a focus on AI and Cyber risks pertaining to AI.

The second line of defense risk function provides the framework for identifying, assessing and ensuring appropriate transparency across the Enterprise Risk Register.

Responsibilities

• Risk identification, management, monitoring, reporting:
  • Assist with the identification and assessment of AI related risks including assessment of ICE use cases of AI against ICE's responsible use of AI assessment framework, and identification and assessment of AI driven cyber related risks including vulnerability and exploitation risks, data leakage, personal data protection risks, etc.
  • Assist in the management of the ICE risk appetite framework, or specific aspects of IT, including setting of risk appetite in relation to Technology Risks.
  • Risk identification on an ongoing basis, including providing views on new / emerging risks.
  • Assisting 1st Line of Defense (LOD) in completing risk register assessments, inclusive of review and challenge.
  • Assisting 1st LOD in maintaining the control inventory, inclusive of review, challenge and independent monitoring.
  • Reviewing and challenging the first line functions in their incident investigations
  • Providing input to relevant policies and procedures, including challenge to the policies of the first line functions relating to risk
  • Providing any ad hoc support or assistance to other roles across Risk deemed necessary by managers
  • Contributing to the development and delivery of risk training across the organization
• Risk measurement methodologies, analytics and models:
  • Performing any necessary qualitative or quantitative assessment of risk as challenge to the regular risk measurement and assessment responsibility of the first line functions.
  • Identification, development and implementation of new risk metrics and risk reporting
  • Supporting the provision of regular review and challenge to first line risk management, escalating any major risks and concerns in a timely manner.
• Risk reporting and communications:
  • Maintaining industry awareness, best practice insight and regulatory knowledge with regards to operational risk management, IT / AI / Cyber risk management frameworks.
  • Oversight of production of daily and periodic risk reports/dashboards to Executive Management and Board Committees pertaining to Operational and Technological Risks.

Knowledge and Experience:

• Bachelor's, master's or other advanced degree in technology or finance or related discipline
• Proficient in the use of AI and other analytic tools.
• Experience with best practice AI and Cyber risk and control frameworks
• Experience in financial services risk management or another assurance or analytical role
• Broad understanding of all risk types, with specific experience of operational risk or enterprise risk frameworks valuable
• Knowledge of the financial markets, financial market infrastructure and regulatory environment
• Confidence and ability to question / provide challenge to members of the first line risk function if required
• Maturity and self-awareness, ability to listen actively, to build strong relationships and influence at all levels and to create a demand for your expertise
• Credibility and communication skills to deal with senior management and business heads
• Strong commercial awareness
• Python coding capability for development of KPI's and analytics is preferred but not required.

Intercontinental Exchange, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to legally protected characteristics.