IT & Operational Risk H/FCrédit Agricole

Premier gérant d'actifs européen parmi les 10 premiers acteurs mondiaux (1), Amundi propose à ses 100 millions de clients - particuliers, institutionnels et entreprises - une gamme complète de solutions d'épargne et d'investissement en gestion active et passive, en actifs traditionnels ou réels. Cette offre est enrichie de services et d'outils technologiques qui permettent de couvrir toute la chaîne de valeur de l'épargne. Filiale du groupe Crédit Agricole, Amundi est cotée en Bourse et gère aujourd'hui près de 2 300 milliards d'euros d'encours (2). Ses six plateformes de gestion internationales (3), sa capacité de recherche financière et extra-financière, ainsi que son engagement de longue date dans l'investissement responsable en font un acteur de référence dans le paysage de la gestion d'actifs. Les clients d'Amundi bénéficient de l'expertise et des conseils de 5 500 professionnels dans 35 pays. Amundi, un partenaire de confiance qui agit chaque jour dans l'intérêt de ses clients et de la société. (1) Source : IPE « Top 500 Asset Managers » publié en juin 2025 sur la base des encours sous gestion au 31/12/2024 (2) Données Amundi au 30/06/2025 (3) Paris, Londres, Dublin, Milan, Tokyo et San Antonio (via notre partenariat stratégique avec Victory Capital)

Reporting to the CIO, the IT Risk Owner (ITRO) is a first line of defense role responsible for managing ICT risk within its scope, covering governance, operations and incidents, projects and application development, suppliers, obsolescence and compliance. The ITRO helps consolidate the overall ICT risk view and coordinates with the relevant stakeholders to ensure comprehensive risk coverage.

Key responsibilities
Contribute to the definition of the entity's ICT risk appetite and Digital Operational Resilience Strategy (DORS).
Help design, maintain and improve the ICT risk management framework, in coordination with other risk stakeholders.
Identify, assess and monitor ICT risks within the scope of responsibility, and escalate cross-cutting risks where needed.
Lead and track remediation actions and the ICT risk action plan.
Define and monitor KPIs/KRIs, produce dashboards and support risk reporting to governance bodies.
Monitor developments in the internal and external environment, including regulations, standards, technologies and emerging risks.
Contribute to Group-level assessment and control campaigns and governance activities.
Ensure ICT risk is properly addressed in projects, whether internal or outsourced.
Advise the CIO, project managers, business lines and functions on ICT risk matters.
Raise awareness and provide training on ICT risk across the entity.
Coordinate the maintenance of reference architectures, asset mapping and dependencies, including third-party relationships.
Contribute to the management of ICT incidents and crises, in cooperation with the relevant stakeholders.
Define and run the Level 2.1 control plan, and ensure Level 1 controls are performed.
Support internal control reporting and periodic reviews of the ICT risk management framework.
Assess third parties used by the entity and ensure DORA compliance.
Support the entity in its due diligence and DORA compliance towards external clients.