Senior Risk Manager- Information Technology

Description

**REMOTE OPPORTUNITY**

Summary

This position is part of a newly created team that will focus on enterprise information technology, information security, cybersecurity, and technology risks. The role will be tasked with assisting with sharing and implementing risk frameworks, best practices and solutions. In addition, the team will work with IT and Business partners across the company to provide an enterprise-wide view of technology risk, to assist management in identifying and monitoring risks and KRIs, and to recommend appropriate action when situations exceed the risk tolerance of the company.

Essential Job Functions:

• Assist and advise in the development, communication, and execution of an information technology risk management roadmap, risk framework, and risk methodologies as well as policies, procedures, tolerances, and KRIs.
• Partner with Information Technology to establish, maintain, and advise on the Risk and Control Self-Assessment for the identification, assessment, measurement, and monitoring of enterprise information technology, information security, cybersecurity, and technology risks.
• Manage and assist in the selection, development, use, and on-going maintenance of GRC tool.
• Perform targeted and advisory risk assessment that establishes the risk level of associated risks and/or areas.
• Provide oversight and advise on risk management activities and first line monitoring.
• Manage and conduct control assessments and periodic monitoring of the information technology’s and lines of business’ critical systems, business applications and technology.
• Manage, test, and evaluate policies, procedures, controls, standards, and procedures to identify gaps and to recommend opportunities for control enhancements.
• Develop documentation, as necessary, of defined control procedures and environment and responsible for ensuring required documentation of risk control reviews is properly maintained.
• Evaluate risk level and adequacy of controls to ensure risks are appropriately mitigated.
• Identify key risk indicators and establish monitoring reports and develop analysis and reporting to identify and communicate risk insights.
• Advise on and maintain oversight of department’s remediation efforts for risk exposures, gaps, and deficiencies and complete remediation testing to assess effectiveness of improved controls.
• Manage annual SOC audits and the completion of SOC reports for the enterprise.
• Develop and cultivate close working relationships with Executive and Senior partners in Information Technology, Information Security, and Internal Audit and Risk Management personnel.
• Act as a Risk representative within initiatives or project and participate in new business system initiatives, ensuring understanding of controls and adequacy of documentation. 
  • Provide effective and concise communication to all levels of management as it relates to risk levels associated with the business areas.
  • Stay abreast of changing requirements that impact information technology areas to ensure appropriate and timely change management.

Other Related Duties:

Performs other related duties as assigned.

• Aware and knowledgeable of changing requirements and industry risk trends.
• Ability to interpret and communicate all internal or external regulations, policies, and/or procedures.

Supervisory Responsibilities:

This position has no supervisory responsibilities.

Qualifications:

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. An individual must have proficient experience and knowledge in the areas within the role. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Education and/or Experience:

• Bachelor’s degree from a Four (4) year College or University and 7-10 years related experience and/or training; or equivalent combination of education and experience.
• Knowledge and direct experience using IT and Cyber Security Risk Frameworks such COBIT, NIST, COSO, FFIEC, etc. is required.
• Knowledge and direct experience with Risk Management including risk framework/methodology development, risk identification, assessment, mitigation, monitoring, and reporting including understanding regulatory requirements and expectations related to risk management.
• Certified Risk Manager (CRM)
• Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
• Certified Internal Auditor (CIA) or Certified Regulatory Compliance Manager (CRCM) is a plus
• Experience with GRC software is required.
• Experience in mortgage and/or financial services is preferred.
• Must be operations oriented with strong project management skills.

Certificates, Licenses, Registrations:

Certified Risk Manager (CRM)

Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

 

#cb