Information Risk Job Description
Information risk
provides project management leadership for HSC ITS using industry proven security and compliance risk management methods and techniques.
Information Risk Duties & Responsibilities
To write an effective information risk job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Providing oversight and credible challenge to1st LOD policies, standards and processes related to I&T risk
Monitor and enhance controls around the key scanning processes employed by the firm Black Duck, SSAP Static, Dynamic & Threat Modelling
Determines operational objectives by studying business capabilities
Facilitates the design of new solutions by clearly defining business and functional requirements that lead to the achievement of desired business outcomes
Develop scorecard for CSA execution to show if process is on track or not
Identify global, regional, country-specific risk items that may impact the India GSC and ensure appropriate action items are put into place for compliance
Execute RCSA program for CT&R IAM, including setting up workshops to identify inherent risk and to request appropriate evidence for controls
Working with business and IT teams to identify, assess and treat information risks
Responsible for the progress and overall quality of work produced by the Information Risk team
Develop and maintain strong business and technology relationships, becoming a trusted partner, building relationships with Lines of Businesses, Corporate functions such as Audit, and Corporate IT Risk
Information Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk
List any licenses or certifications required by the position: CISSP, CISA, CISM, CRISC, I&AM
Education for Information Risk
Typically a job would require a certain level of education.
Employers hiring for the information risk job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Technical, Information Technology, Education, Business, Information Systems, Management, Engineering, Finance
Skills for Information Risk
Desired skills for information risk include:
Methods
Standards
Operational aspects of the information risk business
Risk management policies
Processes
Governance models
Current industry trends in information risk management
Industry standard risk analysis approaches
Financial services industry and its regulations / laws
PCI
Desired experience for information risk includes:
Develop, publish, and socialized specific positions around existing and emerging Information Risk topics to colleagues and senior management
Extensive experience in a risk and control oriented role
Proven experience in the definition, design, documentation and implementing of operational process including proficient use of process mapping tools Visio
10-15 years progressive experience including first-hand technical experience or front-line management in multiple disciplines (ie
5 years in Financial Services or related industry
Extensive Microsoft office skills (Word, Excel, PowerPoint)
Information Risk Examples
1
Information Risk Job Description
Job Description Example
Our growing company is hiring for an information risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk
- Establishing the 1st Line of Defense policies, standards, procedures and processes consistent with the 2nd Line of Defense risk management policies
- Understanding and managing Information and Technology risk associated with the operational processes for the IT division
- Managing risks processes related to IT-wide risk management reporting tool and systems
- Drive and execute business resiliency risk oversight agenda as part of the risk transformation objectives, across governance, enterprise and divisional policy, standards, procedures, risk assessment and treatment, testing, and metrics & reporting
- Establish and rationalize business resiliency risk related policies, standards and procedures at enterprise level, and review divisional policy and procedures for alignment and adherence
- Advising and supporting the PSP Director and team on policy and standards development
- Publishing and managing policies and standards that support the 3LoD Model
- Coordinating ERM policy and standards development between the IT CRO team, ERM risk officers and their teams, divisional risk personnel and division subject matter experts to ensure consistency and to identify and address any gaps in coverage and areas of overlap
- Working closely with the ERM team, divisional risk personnel, division subject matter experts and other IT CRO work-streams to ensure all updates and changes are accounted for within the applicable documents, and are in adherence to any and all program governance requirements pertaining to risk policies and standards
- Coordinate the UAT process for the Credit Data Warehouse implementation the UAT of the exploitation layer (DataMart)
Qualifications for information risk
- Two (2) years experience in audit/compliance/risk, information security audit/risk management or information security
- Oversee and manage all RISE Technology efforts across the organization
- Single point of contact for all RISE technology
- Manage all technology vendor relationships
- Develop and implement appropriate specific risk-based internal control, measures and monitoring mechanisms
- An Understanding of IRM governance, information classification and handling, records management, logical access management and data governance
2
Information Risk Job Description
Job Description Example
Our company is hiring for an information risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk
- Utilize a management and reporting tool for compliance and certification processes
- Provide regular updates to key stakeholders on the overall technology risk and resiliency risk posture and recommendation for improvement
- Performing industry and regulatory related research to ensure policies and standard are commensurate with those at the largest financial institutions
- Providing advice, guidance and support to the divisions for related procedures developed
- Lead the efforts to create and manage agile process for controls related work
- Plan and support leadership team in executive and departmental reporting activities and deliverables
- Work with team to identify and improve process and increase efficiency
- Promote and support team collaboration via technology tools such as SharePoint
- Build strong and sustainable relationships and interact within leadership team, team members and external constituents
- Support the dissemination of information, communication of ideas, and management of internal/external communication for the Division/Department Leads
Qualifications for information risk
- Track record of success/high performance in a large, matrix organisation.Relevant professional qualifications
- Minimum Bachelor’s degree in Management Information Systems or other related technology discipline
- Defining, supporting and implementing components of CCB's Identity & Access Management strategy
- BA/BS in information technology, business administration, or related field
- Risk Posture – Working across EUS, assist in developing and maintaining the risk posture with input from lines of business
- Strong team player that can deliver their part deliver the whole team
3
Information Risk Job Description
Job Description Example
Our innovative and growing company is hiring for an information risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk
- Maintain all information security policy and standard documentation
- Perform risk assessments utilizing enterprise GRC toolset
- Perform compliance or risk assessment interviews with solution managers, engineers and developers
- Review compliance or assessment artifacts and deliverables for completeness and accuracy
- Write test plans and test results reports in accordance with Church practices
- Document critical security risk findings for urgent resolution
- Generate reporting dashboard metrics or measures for multiple levels of management review
- Coordinate security assessment findings and reports with management, engineers and customers
- Coordinate application vulnerability testing
- Coordinate application penetration tests
Qualifications for information risk
- As an Information Risk Analyst for CCB (Consumer & Community Banking) Reporting and Security Metrics you will be a part of the Security Metrics and Reporting team within the Information Risk and Control function
- Understanding of current macroeconomic trends and how to provide recommendations to improve the PD estimation based on the business cycle
- Minimum 4 years experience rating and/or underwriting at a leading financial institution or rating agency preferred
- Bachelor’s degree from a top tier university with high GPA and a degree (or substantial coursework) in finance, accounting, economics, or statistics required
- Graduate degree with a finance or business emphasis, or Chartered Financial Analyst (CFA) designation, is a preferred
- Exp in the financial ( credit risk area) and/or tech sectors
4
Information Risk Job Description
Job Description Example
Our innovative and growing company is looking for an information risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk
- Ensure sensitive data handling systems comply with Church policies and procedures
- Propose and implement approved compliance process improvements
- You will develop, initiate and manage audits
- You will project manage large security related projects to mitigate risks
- You will manage and Improve Risk Assessment Process
- You will manage metrics and monitoring as it pertains to security
- You will review violation reports and investigates security exceptions
- You will ensure compliance of internal policies through departmental audits
- Manages IT controls and compliance functions
- Performing complex operating system, application, and network security investigations
Qualifications for information risk
- Ability to think critically to devise solutions to complex problems (excel at decision-making, consensus building and conflict management
- Experience managing multiple, concurrent security/technology projects involving cross functional groups
- Ability to motivate local geographically diversified colleagues and business partners located in London, Gurgaon and New York
- Scientific, business or economic degree
- Superior analytical skills utilizing SAS and Excel
- Risk Management background in strongly desirable
5
Information Risk Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information risk. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for information risk
- To support the ongoing management of all information risks facing the business, ensuring current processes remain fit for purpose and support the management and mitigation of any exposures
- Providing support and oversight of the risk management processes in the international and non insurance business units
- Performing risk analysis and make risk remediation recommendations
- Documenting standard procedures, assessments and compliance testing results
- Supervising the IT Risk Management team
- Manage relationships with security, technology, business stakeholders and third parties to identify and communicate security risks and mitigation approaches
- Document and implement risk assessment process to be deployed to Sony globally
- Conduct meetings with business technology officers department heads to enforce team to team and intra-team cybersecurity risk based communication
- Help enforce a consistent, organization-wide, response to risk in accordance with the organizational risk framework
- Verify that planned risk response measures are implemented within stated timeframes
Qualifications for information risk
- A degree or professional qualification, relevant to Information Security (such as MSc, CISSP or, CISM or equivalent)
- An understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs
- Working well with others or and individually
- Presenting documentation in a professional and well structured format
- Ability to see the customer perspective, from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits
- Adapting personal approach to suit situations, individuals, groups and cultures