We are seeking an IT Risk Manager to be a key member of the Information Security team, reporting to the Head of IT Risk, Governance & Compliance. S/he will be responsible for the continuous development and management of the IT Risk Management framework, processes and related documentation. S/he will lead and monitor the Application Security Risk Assessment (ASRA) operating model for the firm and will be responsible for managing and reporting on risk programs related to cyber and information security in a manner that meets corporate, legal and regulatory requirements. The IT Risk Manager will also be responsible for supporting the development and implementation of the Controls framework, processes and related documentation.
Oversees the Risk Assessment function.
Identifies, assesses, and monitors applicable risks based on risk management policies and procedures.
Maintains and enforces the IT risk assessment framework/ methodology.
Ensures security-related processes are embedded within the firm’s systems development life cycle.
Develops and implements risk responses to ensure that risk factors and events are addressed in compliance with applicable laws, regulations, policies and standards.
Manages tracking of identified findings and actions to closure, and reporting to leadership.
Manages an IT risk register to address risk issues and action plans from all sources, e.g., IT audit, risk assessments, vulnerability scans, penetration testing, etc.
Manages an effective risk acceptance process to facilitate and manage requests for non-compliance with polices and standards.
Helps design and implement an IT controls assessment process to ensure that controls function effectively and efficiently.
Participates in key initiatives as the subject matter expert to ensure alignment with IT and Information Security programs and initiatives.
Coordinates with IT, Operational Risk and Internal Audit to facilitate key risk management processes and identify acceptable levels of risk.
Collaborates with executive management and department leaders to assess risk posture and concern
Strategic thinker with strong collaboration skills, detailed working knowledge of IT and information security and risk management best practices, and familiarity in implementing enterprise-wide programs in a highly regulated business environment.
Highly knowledgeable about the business environment and must ensure that risks to information assets are proactively managed within the business risk appetite.
Strong knowledge of applicable risk management practices required to create a culture of risk management compliance for his or her group or department.
Exhibit best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
10+ years’ experience in:
- IT risk management and/or IT Audit related activities within the financial services industry
- Application security risk assessment tools or processes
- Performing gap analyses within different environments coupled with an in depth understanding of regulatory guidelines
- Working with information security risk, governance, and control frameworks such as ISO/IEC27000 series, NIST CSF, and CSA CCM
Technical abilities across a broad range of technologies: Windows, Linux, relational databases (Oracle, MS SQL, etc.), firewalls, routers, mobile devices, virtualization and cloud computing.
CISSP, CISA, CISM or CRISC certification is highly desired.
Project management and organizational skills, specifically managing multiple, concurrent projects.
Strong interpersonal, written, and oral communication skills.
Good influencing, relationship and stakeholder management skills.
Highly self-motivated and directed professional, with keen attention to detail.
Ability to communicate information security concepts across a broad range of technical and non-technical staff.
Excellent analytical, problem-solving and decision-making abilities.
Able to effectively prioritize tasks in a high-pressure environment.
Strong customer service and solution-focused orientation.