Vacancy expired!
Location: Denver, CO Description: You are responsible for establishing and maintaining Jour clients' overall IT operational risk management and business continuity functions. You are responsible for identifying, evaluating and reporting on IT operational risks in a manner that meets our clients' regulatory and compliance requirements. You will maintain, manage and govern IT's BCM function for recovery from all types of business disruption risks (natural, technical, geopolitical, accidental, workforce, supplier) across the entire geographic footprint of the enterprise. You will work proactively with the various business units and internal departments and organizations to implement practices that meet JHI's defined policies and standards.
As a risk manager, you are the "process owner" for all IT-related risk assessments and identification activities for the company's IT systems and information assets and for its IT-dependent strategic business objectives. A crucial element of your role is working with senior leaders, line-of-business managers and other key decision makers to determine acceptable levels of residual risk for the company as a whole and for various internal groups and organizations. You are a proven inspiring leader, problem solver, integrator of people and processes, as well as an effective internal consultant. You need a solid domain of competencies in a number of IT-risk-related disciplines, including security, business continuity management, audit coordination, privacy and compliance. You must be much more than simply a technology and controls expert; you must also possess significant management and communications skills and industry specific business knowledge.Duties and responsibilitiesYou will:Collaborate closely with the Enterprise Risk Business Partners, ensuring compliance and alignment with the related frameworkWork alongside internal and external audit and coordinate audit activitiesLead the coordination IT audit activities for the SOX and Internal Controls Reports (ISAE 3402), acting as the main point of contact for internal partners, external auditors and other parties as requiredGuide the development and implementation of internal policies, procedures, and controls, ensuring that activities are consistent with objectives, operating model and organizational strategySupport the identification and documentation of risks and control weaknesses, and mitigation of those risks and weaknessesFacilitate the error management process, including escalation, root cause analysis, resolution of errorsAssess, supervise, and control the Technology risk portfolioCarry out additional duties as assigned Supervisory responsibilitiesNoTechnical skills and qualificationsTracks and reports risk management trends, opportunities and remediation monthlyWorks closely with Enterprise Operational Risk, Information Security, Compliance, and Privacy organizations to develop and implement effective IT risk management practicesMakes recommendations to the Head of IT Strategy and Planning, appropriate risk governance committees, line-of-business managers concerning IT-risk-related controlsActs as risk management liaison with all levels of the IT organization and with the lines of business and other internal groups and organizationsSupervises the IT-risk-management-related activities of indirect reports and othersA Bachelor's of Science degree is preferred, with a focus on IT- or IT-risk-related disciplines (for example, security, privacy, BCM and compliance), or five to seven years of experience in IT risk management or a related fieldBeneficial certifications include: Certified Information Security Manager, Certified Information Systems Security Professional or equivalentBasic knowledge of a broad range of standards and frameworks for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration and Six SigmaKnowledge of common risk management methodologies such as Development of Control Objectives, Risk Identification and Assessment, etcCompetencies required In addition to putting clients first, acting like an owner, and succeeding as a team, the competencies for this role include:In-depth understanding of strategic business risksAbility to develop a comprehensive understanding of our business, market and industry while relating that knowledge to identified operations- and IT-related risksAble to propose relevant IT responses to changing business risks and regulatory changesGood communicator with the ability to communicate effectively with people at all levels from developers to the CIOExcellent written and verbal communication skills including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences and good interpersonal and collaborative skillsSolid skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business managersHigh level of personal integrity; able to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturityHigh degree of initiative, dependability and ability to work with little supervisionOngoing competence in the role to be assessed, in line with applicable regulatory requirements, by:Annual performance appraisalCompletion of all assigned compliance trainingCompliance requirements At a minimum the role will require you to:Place the interest of Janus Henderson's Clients first, act in accordance with TCF (Treating Customers Fairly) principlesUnderstand and follow laws and regulations applicable for your role, seeking the help of your supervising manager or Compliance if additional guidance is requiredUnderstand and abide by all Janus Henderson policies applicable to your role, and seek support/guidance of the policy owner guidance when requiredYou are ultimately accountable for your actions and responsible for seeking further information on any or all of the above as necessaryAnnual Bonus Opportunity: Position is eligible to receive an annual discretionary bonus award from the profit pool. The profit pool is funded based on Company profits. Individual bonuses are determined based on Company, department, team and individual performance. Contact: This job and many more are available through The Judge Group. Find us on the web at www.judge.com