Hiring: IRM Lead Specialist, NYC, NY (No H1-B)

Hi,

Hope you are doing great….

Please go through the job description below. If you are comfortable with the JD, share your updated resume with contact details.

Title: IRM Lead Specialist

Location: NYC, NY

Duration: 12+ Months contract

Interview: Phone & Skype

Description:

 
The Information Risk Lead Specialist supports the Information Risk Principal and the wider global Information Risk Management (IRM) Technology Project Risk Assurance (TPRA) team. The IRM TPRA team, although managed out of London, provides this service globally across all regions.

S/he will drive and support the development of strategic program elements and provide input to risk prioritization, including the development and implementation of key metrics (KRIs, KPIs), and support the development of information risk strategic program elements, creating business value and helping to streamline technology development.

S/he will review internal and external IT projects and applications for risk issues and ensure adherence to security policies, industry best practices and security controls.

S/he must have detailed knowledge and understanding of meeting operational and technical information security and risk compliance requirements within a complex regulatory environment.

S/he drives the enforcement and interpretation of information risk policies and standards and collaborates with other subject matter experts to determine business/project impact.

Must haves:

• Project launch reviews with initial inherent risk and complexity assessment, reviewing business case, project objectives and KPIs
• Evidence based control effectiveness assurance reviews of specific work streams or delivery areas crucial to the success of the program, leveraging wider subject matter experts
• Check point reviews at key transition phases to provide assurance that readiness criteria to progress to the next phase have been met
• Pre-implementation readiness reviews, assessing implementation risks and providing assurance over testing results
• Work with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
• Periodic (e.g. monthly / quarterly) independent assurance report over program status, assessing residual risk across key decision points, identifying risks and advising on required actions
• On-going program performance tracking, including oversight of key control processes such as risk & issue and contingency management, via intelligent PMO function reporting into program Sponsor and Steering Committee
• Attend key meetings across the organization – dealing with all levels of stakeholders from C level to technical subject matter experts.
• Planning, execution and delivery of risk-based initiatives and projects
• Significant experience in one or more financial industry risk, compliance, control and governance disciplines
• In-depth understanding of information security principles and best practices across the industry as well as project management principles
• Strong stakeholder management, relationship-building, collaboration and presentational capabilities.
• Experience of carrying out risk reviews, technology audits or other similar work
• A thorough understanding of Risk Assessment approaches and methodologies 
• A strong sense of proportionality, reasonableness and cost with respect to risk response
• Ability to manage through highly sensitive situations with highest level of discretion
• A strong understanding of residual risk and risk mitigation 
• A strong bias toward quantitative risk data rather than subjective reporting is required 
• Experience in maturing a risk organization toward a quantitative approach to reporting is highly desirable
• Strong experience in a Technology Risk, Information Risk, Information Security or an IT Audit role 
• Advanced degree preferred – MSc in IT Security
• Bachelor’s Degree or equivalent work experience required. 
• Certified Information Systems Security Professional (CISSP) required, additional security certifications advantageous e.g. Certified Information Security Manager (CISM) or Certified in Risk Information Security Control (CRISC), Certified Information Security Auditor (CISA)
• Proven experience of project management on the basis of an industry standard methodology - a Project Management qualification an advantage (PMI or PRINCE2)

Regards

Devendra Yadav

VSG Business Solutions

221 Cornwell Dr Bear, DE

Phone: 302-261-3207 Ext: 122
