Talent Sourcing Specialist at Randstad India
Senior Risk Manager - IT (12-18 yrs)
Job description- Sr. Risk Manager
- All IT risk management activities are coordinated through this role. As a senior member of IT Risk and Compliance, the person is responsible for maintaining the IT Risk Framework and its associated controls and reporting.
- This role is responsible for evaluating overall information technology risk, maintaining an active view, and reporting on the actual, mitigated and residual risk in the technology organization.
- Maintaining an active view of the Risk profile will include conducting periodic assurance checks on Control Design and Control Operating effectiveness and including this as part of the Residual Risk profile for each process.
Qualifications, competencies, skills and experience:
The following are relevant and desirable for this role:
- Technology risk management: at least 12 years' work experience in IT and technology risk, including at least 8 years at management level. The candidate should be well versed with core infrastructure and associated technology processes
- Incident management, Change management, release management and Infrastructure Support
- Has experience in practical application of audit methodology, conducting Risk reviews
- Relevant technical qualifications: such as MIRM, CRISC, CISM, CISA, CISSP etc.
- Relevant business experience / qualifications / knowledge: technology risk must be managed in the context of various other risks, opportunities and challenges facing the organization.
- Strong reasoning, analytical and interpersonal skills.
- Excellent attention to detail and time management.
- Good track record of communicating effectively with both business and IT staff at all levels. Good presentation skills.
- Preferred competencies: Prior technology risk experience in banking/financial domain.
Key Performance Areas:
Risk Identification, Assessment and Evaluation:
- Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy.
- Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
- Identify potential threats and vulnerabilities for technology processes, associated data and supporting capabilities to assist in the evaluation of risk.
- Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
- Correlate identified risk scenarios to relevant technology processes to assist in identifying risk ownership.
- Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the risk management strategy.
- Collect and validate data that measure control monitors (KCIs/CSTs and KRIs) to monitor and communicate their status to relevant stakeholders.
- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
Information Systems Control Design and Implementation:
- Design information systems controls in consultation with process owners to ensure alignment with process inputs and outputs.
- Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
- Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
- Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
- Test information systems controls to verify effectiveness and efficiency prior to implementation.
Information Systems Control Monitoring and Maintenance:
- Monitor and maintain information systems controls to ensure they function effectively and efficiently.
- Additionally, the candidate should be able to effectively collaborate with multiple stakeholders and have the ability to distil information for management and executive-level reporting.
- Driving an effective risk & governance mechanism thereby ensuring timely & accurate identification and reporting of technology and operational risks through control education, review of metrics and facilitation of risk and control self-assessments.
- Co-ordinate all key risk activities and demonstrate a good understanding of the top and material risks within the business.
- Assist in implementing and deploying an effective control risk self-assessment framework.
- Act as central point of contact between the key stakeholders including internal audit, compliance, third party management etc.