How to become an ICT risk officer

Information is a paramount key to risk management. ICT is a potentially useful and important tool for all types of users and organisations for improving the efficiency, speed, and accuracy of responses.

This comprehensive training programme is designed for professionals, risk officers or those responsible for ICT/ICT risk management within their entity, aspiring to be proficient ICT risk officers. It covers a broad spectrum of information and communications technology (ICT) risks, focusing on cybersecurity, data privacy, and compliance. Participants will be equipped with the skills to identify, assess, and mitigate ICT risks in their organisation. The program includes practical case studies, the latest industry best practices, including DORA/ICT security and risk management, and interactive sessions on risk management frameworks and tools.

By the end of this training, participants will be able to:

• understand main non-financial risk frameworks;
• define the ICT risk management framework from a regulatory standpoint;
• define the ICT risk governance framework;
• understand the different categories of ICT risks (including threat source, vulnerabilities and potential impacts);
• define the risk taxonomy relevant to your organisation;
• understand different quantitative and qualitative approaches to assess and measure ICT risks;
• manage and monitor the ICT risks in accordance with regulatory and market standards.

• Main regulatory requirements about ICT risk management
• Main obligations for the management body (i.e. Authorised Management or Conducting Officer who is looking after ICT related matters)
• Roles and responsibility of ICT risk officer
• ICT risk fundamentals and key concepts
• ICT risk identification and assessment
• ICT risk monitoring and controls
• Case study

This training is coordinated by Michael Horvath and Koen Maris, Partners at PwC Luxembourg.

Michael has acquired a strong financial and regulatory audit as well as advisory background and significant experience leading projects in the asset management sphere.
In the recent past, Michael has been particularly involved in various regulatory projects related to the implementation of the EU regulatory framework for sustainable finance (i.e. SFDR, taxonomy regulation, CSRD) at entity and product level. Michael is involved in various other regulatory projects for clients, from DORA, AML/CFT regulation over CSSF circular 18/698 to MICA.

Koen is partner at PwC Luxembourg, leading the Cyber Security practice with more than 20 years of experience in information/cyber security in cross industry environments. Koen is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics. Koen has a strong technical background and operational experience in cyber security as well as strong competencies in security architecture, solution design, programme management, business development.