How to become an ICT risk officer?

Information is a paramount key to risk management. Information and communications technology (ICT) is a potentially useful and important tool for all types of users and organisations for improving the efficiency, speed, and accuracy of responses.

This comprehensive training programme is designed for professionals, risk officers or those responsible for ICT/ICT risk management within their entity, aspiring to be proficient ICT risk officers. It covers a broad spectrum of ICT risks, focusing on cybersecurity, data privacy and compliance.

Participants will be equipped with the skills to identify, assess, and mitigate ICT risks in their organisation. The programme includes practical case studies, the latest industry best practices, including DORA/ICT security and risk management, and interactive sessions on risk management frameworks and tools.

By the end of this training, participants will be able to:

• understand the main non-financial risk frameworks;
• define the ICT risk management framework from a regulatory standpoint;
• define the ICT risk governance framework;
• understand the different categories of ICT risks (including threat source, vulnerabilities and potential impacts);
• define the risk taxonomy relevant to their organisation;
• understand different quantitative and qualitative approaches to assess and measure ICT risks;
• manage and monitor ICT risks in accordance with regulatory and market standards.

• Main regulatory requirements for ICT risk management
• Main obligations for the management body (i.e. Authorised Management or Conducting Officer who is looking after ICT related matters)
• Roles and responsibility of the ICT risk officer
• ICT risk fundamentals and key concepts
• ICT risk identification and assessment
• ICT risk monitoring and controls
• Case study

This training is coordinated by Michael Horvath, Partner at PwC Luxembourg.

Michael Horvath is a partner at PwC with extensive expertise in sustainable finance and the asset management industry, including both financial and real assets. Since joining PwC Switzerland in 2011 and PwC Luxembourg in 2018, he has led significant projects in regulatory audit and advisory, focusing on the asset management sector. Michael has played a key role in implementing the EU regulatory framework for sustainable finance, including SFDR, taxonomy regulation, and CSRD, as well as other regulatory initiatives such as DORA, AML/CFT, CSSF circular 18/698, and MICA. He is a certified public accountant in Switzerland and Liechtenstein and has contributed to designing compliance frameworks and operational implementations driven by regulatory changes. His notable client projects include defining target operating models for Luxembourg AIFMs, digital operational resilience planning, AML/CFT framework implementation, and ESG/sustainability process design, supported by his involvement in training and regulatory advisory.