Operational Risk Management – Information Technology Risk

Bucharest 16 December 2019 - 18 December 2019

Trainers: Theodor Adam, Victor Rotaru, Florin Andrei and Larisa Găbudeanu


The training aims to give the audience the elements and techniques they need to operate efficiently and safely in an ever-changing environment that depends on technology. IT risk is the organizational exposure that results from using information systems. We will present a complete set of concepts for identifying, evaluating and monitoring risks, as well as for developing controls for those risks. Data protection and the integration of IT risk management into the processes will also be covered, equipping the audience with important knowledge that will enable them to create optimal and efficient processes.

Target group

  • Operational Risk Management department employees
  • Data Protection Officers (DPO)
  • Managers from the financial industry, especially from IT, Finance, Risk, Compliance, Operations, Legal departments
  • Individuals seeking a career path towards the respective fields (IT, Finance, Risk, Compliance, Operations)


Prerequisites for attending the program:

  • Higher education in a technical or economics field
  • Theoretical knowledge of management

Course objectives

  • Present the concepts, terms, definitions and applicable standards
  • Present the processes and best practices related to the information risk management as well as the methods to identify, evaluate, treat and control the risks using the newest approaches and international standards related to risk management
  • Integrate risk management concepts and processes with the business processes to achieve better monitoring and control of the operational risks
  • Integrate data protection requirements in the information security model
  • Present the roles of the lines of defence in an organisation
  • Present the concept of minimum risk standards in alignment with the business strategy and the risk appetite
  • Improve the audience’s knowledge, skills and attitude related to operational risk management in IT


  1. Introduction
  2. Risk management
  3. The process of managing the IT risk
  4. International standards and methods for risk management
  5. Integrating risk management processes into IT processes
  6. Approaching the risk requirements to meet the Data Protection legal requirements
  7. Organization’s lines of defence - roles
  8. Information risk minimum standards model aligned with the business strategy and the risk appetite
  9. The human factor
  10. Conclusions
  11. Questions and answers
  12. Examination


Victor Rotaru – IT and DPO expert with vast experience in information security management and operational management, international and multicultural exposure in international banking groups, and teaching experience with IBR (Romanian Banking Institute) and ISF (Financial Studies Institute).



Larisa Găbudeanu – data protection specialist with vast experience as a lawyer in an international law firm, counselling international clients and coordinating projects related to banking, IT law and data protection. In addition, she has good knowledge of information security and risk management, gathered in a regional banking group and from her specialized education (in addition to graduating from the Law Faculty, Larisa also graduated from the Informatics Faculty at the University in Bucharest and is currently finalizing the Information Security Master with the Faculty of Cybernetics).


Theodor Adam – graduated from the Faculty of Electronics and Telecommunications (UPB, 1995) and Academic Postgraduate Management Studies (UPB, 2002), and has worked in the IT, Financial and Legal Services industries (as an engineer for IBM, and as IT Director for NN Romania and for Kinstellar). He has 24 years of experience in IT and 19 years in management, has taught technical trainings on behalf of IBM Romania and has led IT organizations in NN and Kinstellar. He is experienced with application development management processes, infrastructure, business continuity and disaster recovery, strategic planning, management by objectives, project management and IT operations.


Florin Andrei – Information Security specialist, with broad experience and exposure in the field. He has fulfilled multiple roles spanning from helpdesk officer and network administrator to information security officer, risk and physical security officer as well as coordination roles for risk management and IT security activities. National and international exposure within various companies and fields such as outsourcing, insurance and IT Security services.

Duration / Period

Program duration is 18 hours, spread over 3 days.


The program fee is 550 lei + VAT and includes written course materials, coffee break, lunch and a participation certificate.
