Risk Officer for Shadow IT

Inetum is a European leader in digital services. Inetum’s team of 28,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum’s solutions aim at contributing to its clients’ performance and innovation as well as the common good.

Present in 19 countries with a dense network of sites, Inetum partners with major software publishers to meet the challenges of digital transformation with proximity and flexibility.

Driven by its ambition for growth and scale, Inetum generated sales of 2.5 billion euros in 2023.

Shadow IT (eg. IT outside the IT governance) is a risk for any organization and even worse for regulated companies like banks.

Role for our client as Risk officer for Shadow IT is to ensure this risk is properly managed.

To do so, there is a need to manage a global inventory referencing all shadow IT usage with their resulting IT risks and for this portfolio the shadow IT risk officer is in charge of liaising with business teams to identify new or evolving Shadow IT situations, challenge content declared data completeness and consistency but also provide support and coordination during assessment and validation.

Finally,you will ensure follow-up of related KPI and KRI to be able to perform the reporting about these risks to the top management.          

Main Tasks:

Maintenance of the Shadow IT portfolio:

- Regularly Update existing or new Shadow IT situations (risk level, owner, impact, description, mitigation…)

- Initiate & support the annual review campaign of all Shadow IT situations and associated risks across the organization

Support risk assessment:

- Organize with relevant stakeholders the assessment/analysis about identified Shadow IT (e.g.: impact, mitigation…)

- Organize the validation of IT risk cards linked with Shadow IT assessment

- Organize the compliance with the company's Risk Management process

- Collect and centralize reported Shadow IT situations and challenge  them with relevant stakeholders

Reporting: 

- Follow KPI defined for Shadow IT  (Risk Level, owners, SPOCs…)

- Perform a reporting about risks and action plans to the top management, raise alerts if needed

- Participate to the Business Line Risk committee to share inputs about Shadow and associated risks (risks stored in Risk Register, level of risks, impact…)                                                  

Technical Skills:

• Risk monitoring (knowledge in risk management: ability to identify, alert and suggest remediation)                                                 
• Risk analysis (ability to anticipate/analyze threats and create risk scenario) and Risk opinion (ability to challenge, approve and decide (new activities, projects…)                                                   
• Internal audit knowledge (knowledge of the audit process and methodology)                                                  
• IT knowledge (global knowledge of IT, its major processes and assets & solutions) and Cybersecurity (general knowledge in cybersecurity risks, frameworks and requirements)                                                           
• Regulatory (general knowledge in IT and cybersecurity regulators framework) and Compliance (global knowledge of compliance, its major processes or regulatory framework)                                                             

Language Skills:

• English