International Bank Client
Office Status: Hybrid
We are looking for an experienced Information Security and Technology Risk Manager to join our team to drive a consistent risk management approach in the 1st line of defense to identify, assess, manage and report Information Security and Technology risks across lines of business.
Principal Duties and Responsibilities
- Assist the Information Security and Technology Key Risk Officer with monitoring risk and providing oversight and credible challenge of the 1st line control environment.
- Develop and maintain Information Security and Technology policies and standards.
- Collaborate with the business to develop Key Risk and Key Performance Indicators covering Information Security and Information Technology.
- Conduct deep dives/risk assessments/gap analyses, identify opportunities for control enhancement and risk mitigation, and document findings.
- Track remediation plans on material risk events and issues to ensure control gaps are closed.
- Coordinate remediation efforts for risk and control issues and support issue closure or risk acceptances, as needed.
- Work with action owners to collect and evaluate appropriateness of evidence.
- Support key control committees and groups that govern Information Security and Technology risk.
- Gain a deep understanding of the business’ needs and identify opportunities to strengthen the control environment.
- Participate in the Risk and Control Self-Assessment program and review results conducted by the 1st line to assess whether the proper risks are identified and to verify the effectiveness of the control environment.
- Participate in various ORM Framework enhancement projects (e.g., Internal Control Testing, Scenario Analysis).
- Raise awareness in the business lines of the importance of strong security and technology risk management practices and the need for effective controls.
- Prepare presentation materials for leadership, business partners, and regulators.
- Balance operational risk requirements with the need for efficient business operations.
- Remain current with Information Security and Technology trends and regulatory areas of focus.
- Bachelor’s degree in computer science, engineering, MIS, information assurance or related technical field. Related experience acceptable in lieu of related degree.
- 7+ years of experience working in a Technology Risk, IT Audit, Information Security or related field.
- Practical hands-on technology experience in security principles and risk management, along with some business acumen, is ideal.
- Solid knowledge of information security and technology frameworks and industry best practices including: FFIEC, ISO, NIST, COBIT, ITIL.
- Financial Services/Banking experience is strongly preferred.
- Highly motivated, self-directed individual with the ability to work independently.
- Strong project management capabilities with ability to multi-task.
- Organized, with the ability to prioritize and complete tasks within defined SLAs.
- Practical knowledge of risk reporting and development of key risk indicators.
- Excellent analytical skills with the ability to identify emerging risks, summarize issues, and explain risk trends.
- Strong collaborative and interpersonal skills as well as an ability to communicate (verbal, written and presentation) across all levels within the organization.
- CISSP, CRISC, CISA, CISM, or CCSP certifications a plus.