Responsibilities:
- Establish an IT risk framework across the three domains (risk governance, evaluation and response) to ensure that IT risk issues, opportunities and events are addressed in a cost-effective manner and in line with business priorities
- Define appropriate IT risk management policies and align them with Firm policies; ensure that IT risk management activities align with the enterprise’s objective capacity for loss and leadership’s tolerance of it
- Responsible for establishing and maintaining IT-wide risk register and leading continual improvement of the IT risk management program with a goal of reaching level 4 on the maturity scale (managed & measurable)
- Monitor changes to legal and regulatory landscape and assure that IT processes continue to be in compliance; promote risk-aware culture across IT; encourage effective communication about governance, risk and compliance
- Define risk categorization and risk ranking calculations for a consistent way of describing risk throughout IT; map identified risks to established controls; identify control gaps
- Establish reporting mechanisms consistent with ERM reporting. Define and report risk profiles at the IT-wide level as well as across departments (e.g., Solutions, Security & Risk, Technology Operations, etc.)
Qualifications:
- Minimum eight years’ experience in IT Risk Management; IT Policy, Governance and Compliance Management; Information Security
- Bachelor’s Degree in Engineering, Computer Science or closely related discipline from an accredited college or university preferred
- Certifications: CRISC, CISSP, CISM, CISA, CIPP, CGEIT, ITIL and other relevant certifications
- Working knowledge of RSA’s Archer eGRC Solutions and Archer certification is a plus
- Strong verbal and written communication skills with the ability to effectively interact with all levels in an organization
- Strong interpersonal skills demonstrating the ability to gain the confidence and respect of senior executives, functional leadership, and business sponsors