- Collaborate closely with the Enterprise Risk Business Partners and Business Continuity teams, ensuring compliance and alignment with the Enterprise Risk and BCM frameworks
- Liaise with audit (internal and external) and coordinate audit activities
- Guide the development and implementation of internal policies and procedures, ensuring that activities are consistent with objectives, operating model and organizational strategy
- Support the identification and documentation of risks and control weaknesses, and mitigation of those risks and weaknesses
- Assess, monitor, and control the Technology risk portfolio
- Support the currency of Technology BC and Technical Recovery Plans
- Develop Test Plans and implement effective IT Risk Management practices in collaboration with key partners such as Enterprise Risk, Information Security and Compliance
- Coordinate Technology involvement in Business Continuity (including Crisis Management) exercises in partnership with the 2nd Line Business Continuity function
- Track and report risk management trends, opportunities and remediation monthly.
- Make recommendations to the Head of IT Strategy and Planning, appropriate risk governance committees and line-of-business managers concerning IT-risk-related controls.
- Supervise the IT-risk-management-related activities of indirect reports and others.
- Carry out additional duties as assigned
- Bachelor's degree with a focus on IT- or IT-risk-related disciplines, or five to seven years of experience in IT risk management or a related field
- Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or equivalent is helpful.
- Basic knowledge of a broad range of standards and frameworks such as International Standards Organization (ISO) 27001, COBIT, IT Infrastructure Library (ITIL) and ISO 20000, Capability Maturity Model Integration and Six Sigma
- Knowledge of common risk management methodologies including development of Control Objectives, Risk Identification and Assessment, etc.
- A proven leader with vision, a problem solver and integrator of people and processes, as well as an effective internal consultant.
- In-depth understanding of strategic business risks
- Solid domain proficiencies in a number of IT-risk-related disciplines, including security, business continuity management, audit coordination, privacy and compliance.
- In addition to putting clients first, acting like an owner, and succeeding as a team, the competencies for this role include:
- Ability to develop a comprehensive understanding of our business, market and industry and relate that knowledge to identified operations- and IT-related risks
- Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes
- Demonstrable ability to connect with people at all levels from developers to the C-level
- Excellent written and verbal communication skills, including the ability to communicate security- and risk-related concepts effectively to technical and nontechnical audiences, as well as strong interpersonal and collaborative skills
- Solid skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business managers
- High level of personal integrity, especially while handling confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
- High degree of initiative, dependability and ability to work with little supervision