IS & IT Risk Manager

Company: Associated Bank
Location: Milwaukee, WI, USA; Green Bay, WI, USA
Salary: $103670 – $177720
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • Bachelor’s Degree or equivalent combination of education and experience in Business Administration, Risk, Information Security, or Information Systems
  • 4-7 years Information Security and Technology functionality; risk management focus; financial services industry & some knowledge of regulatory requirements
  • Risk-related Certification such as CRISC within 2 years

Responsibilities

  • Develop and maintain the Information Security and Information Technology risk governance process, including development of the IS and IT Risk Management Programs and supporting policy, process and procedures
  • Develop and maintain the methodology to conduct security and technology risk assessments, aligned to the Bank’s evolving Risk Governance Framework, including control self-assessments, risk assessment tools, NIST Cybersecurity Framework, risk monitoring tools (KRIs), and analysis of audit findings
  • Identify gaps in risk management practices and work with stakeholders to define solutions; prioritize, communicate, track, manage and report identified issues
  • Provide leadership, oversight, support, and risk consultation on relevant security and technology operational processes and initiatives; use sound risk-based decision making, experience and judgment in responding to inquiries
  • Lead a program to execute testing and validation of key controls; support regulatory and independent testing liaison activities as related to Information Security and Technology risk programs
  • Maintain the Records Information Management Program, which includes facilitating data destruction within information technology systems and at physical record centers, maintaining the Record Retention Schedule, and assisting with records information management training
  • Remain current with Information Security Risk, Information Technology Risk, and Records Information Management regulatory guidance and industry best practices as well as emerging industry-wide risks via public domain, industry-specific organizations, and internal contacts
  • Ensure corporate-wide communication, reporting and support to foster a consistent culture of compliance and a collaborative environment with the first line of defense and other key stakeholders for an enterprise-wide and holistic program relating to Information Security and Information Technology Risk Management
  • Coordinate components of select examinations and audits in accordance with ‘Regulatory Examination Facilitation’ procedures maintained by compliance and ensure that all exam and audit needs are met.

Preferred Qualifications

  • 7-10 years Information Security and Technology functionality; risk management focus; financial services industry & some knowledge of regulatory requirements (Preferred)
  • Other Information Security Certifications such as CISSP within 2 years (Preferred)