Conduct objective, fact-based risk assessments on new and existing systems and share findings with all stakeholders within the information system.
Manage the IT risk environment, including related policies, standards, and processes.
Manage the risk portfolio to include linking risk to controls, coordinating control owners to conduct RSCAs, and appropriately documenting control statements.
Understand and provide advice on managing cybersecurity risks; collaborate with other IT professionals as needed to address new emerging threats.
Manage the self-identified issue (SII) process, including acceptance of issues and tracking SIIs and audit issues to closure.
Develop and implement a cybersecurity defence strategy, including business continuity and disaster recovery procedures.
Identify threats and conduct risk assessments to address cybersecurity risks.
Work with the team to improve the security posture of the business and reduce its risk profile.
Conduct on-site security assessments to measure the effectiveness of the third party's current control environment.
Knowledge and experience in information security standards (ISO 27001, NIST, CIS, OWASP Top 10, Security Essentials).
Maintain close working relationships with appropriate teams across and outside of IT.
Work closely with all areas to ensure clear risk visibility for all IT staff.
Provide continuous control monitoring through key risk indicators (KRIs), and challenge KRIs where appropriate.
Establish and monitor key risk indicators and implement corrective action plans to mitigate risks.
Work closely with Group Risk Management, ensuring that IT risks are reported as required to the Group Risk Board Committee and aligned with risk appetite and risk tolerance levels.
Maintain an awareness of potential emerging risks and ensure these are recorded, visible, and considered in all new technology initiatives and financial planning activities.
Provide oversight of all risk events, ensuring they are recorded, investigated, and closed off or escalated as necessary.