Information Risk Lead Job Description
Information Risk Lead Duties & Responsibilities
To write an effective information risk lead job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk lead job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Risk Lead Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk Lead
List any licenses or certifications required by the position: CISA, CISM, CRISC, CISSP, CICA, I&AM, ISACA
Education for Information Risk Lead
Typically a job would require a certain level of education.
Employers hiring for the information risk lead job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Technical, Computer Science, Education, Business, Technology, Management, Information Technology, Information Security, Business/Administration, Finance.
Skills for Information Risk Lead
Desired skills for information risk lead include:
Desired experience for information risk lead includes:
Information Risk Lead Examples
Information Risk Lead Job Description
- Produce training materials
- Support ad-hoc reporting needs for all supported services
- Risk education, risk champion – facilitate knowledge and insight into engineering and operations teams
- Ensure regular and continuous risk assessment by teams ensuring consistent and quality testing
- Communications – customer advisory board forum
- Assist with the annual RCSA program for RFT, including setting up workshops to identify inherent risk and to request appropriate evidence for Controls
- Perform the role of the Software Security Champion (SSC) for CCB
- Execute and manage RCSA program for CT&R, including being part of workshops to identify inherent risk and to request appropriate evidence for controls
- Execute and manage the Quality review for Application Risk Assessment & Application Control Assessment
- Maintain inventory for Applications & respective categorization
- Represent CTR organization in No
- Outstanding listening and negotiation skills; a strong written and verbal communicator at the senior management level
- Ability to partner closely with related functions (Sourcing, Legal & Compliance, Audit) to ensure a coordinated and effective program
- Representative for vendor assessments, gaps, risks, controls, and status of posture for current and new vendors
- Develop and maintain strong relationships with key departments, particularly Corporate Senior Information Risk Officers (CSIRO), Relationship Managers, Legal and Procurement, who are actively involved in vendor on-boarding and overall management
- Continuously monitor and ensure a high level of quality and accuracy are maintained on reviews, work papers, risk statements, and management reports
Information Risk Lead Job Description
- Create and provide reports of vendors on a monthly, quarterly, and annual basis relating to vendor control posture, statistics on types of vendors, and vendor risks
- Stay abreast of changes relating to global regulatory requirements regarding 3rd party Vendor Risk Management
- Vendor risk assessments
- Risk reporting and metrics on assessments of new and existing vendors
- Vendor risk assessment alignment and partnership with key stakeholders
- Demand (Intake process) and Capacity Planning – Simplify the project intake process working toward continuous improvement, training of all stakeholders and continually increasing throughput
- Lead resource for the Application Assessment program including initial interviews regarding standard controls usage for applications in scope
- Perform testing of the evidence submitted to validate it justifies control effectiveness
- Provide SME and training to IT associates in areas of ISRM such as IAPP, Information Security, and Project Risk Management
- Individual must be a self-starter and have a passion to tackle challenges in an efficient and effective manner
- Pragmatic approach and excellent verbal and written communication skills
- Experience balancing risks with controls
- Organized, methodical and analytical
- Written and verbal presentation skills to a wide variety of senior managers across the organization
- University graduate with a minimum of five years’ solid experience in business continuity and/or information risk management and
- Minimum of 5 years conducting 3rd Party vendor risk assessments within the financial markets, with at least 7+ years of working experience in risk management
Information Risk Lead Job Description
- Continuously strive to improve the methodology and processes around Vendor Risk Assessments
- Drive all aspects of the risk assessment of third party providers, particularly for China and Japan
- Finalize annual testing plan in agreement with management
- Oversight of BAU IT Interface scoping process, during beginning of year (BOY) control review and throughout the year
- Execution of interface testing in line with plans/scripts
- Provide subject matter expert guidance related to IT Interface controls to GF IT Controls testers and IT application owners
- Ensure that Data Interface IT Control Framework is periodically reviewed and updated as required
- Executes information risk management practices and control
- Provide advisory and guidance in related area
- Perform and validate Information and Vendor Risk assessment
- CISA, CISM, CRISC or CISSP required
- Assist with the review and preparation of financial reporting and schedules
- Experience with implementation and oversight of technology controls
- Interpret, summarize and present findings in understandable documentation that may include charts, graphs, reports
- Minimum of seven years banking experience, experience in risk functions, specialized experience/expertise in business segment, or demonstrate the ability to perform at proficient level of competence to meet duties
- Effective and decisive decision-making skills and ability to build consensus
Information Risk Lead Job Description
- Regular assessment
- Participate in Country Governance a
- Understanding local technology risk regulatory requirements and provide guidance
- Liaise with Auditor and regulatory
- Maintain security product roadmaps for assigned control area
- Manage and prioritize the data protection book of work ensuring adherence to roadmaps, regulatory compliance and improving long term delivery planning
- Engage with executive stakeholders to identify business demand and prioritize it on the roadmap
- Identify and work with engineering and operations to close gaps in existing product portfolio applying new solutions or if necessary introducing new requirements
- Align expectations, minimize churn and avoid incomplete solution delivery
- Manage vendor relationships to ensure roadmap collaboration, SLA management and ongoing communications to influence strategic product planning
- Bachelor’s degree or equivalent (MS and/or advanced degree is a plus)
- English language communication (Spanish is a plus)
- Knowledge of company, business and regulatory trends (knowledge of key business processes is a plus)
- Information Security & Risk Management certifications are a plus (CISM, CISSP)
- Working knowledge of COBIT and / or ITIL is a plus
- Experience with standard GRC processes
Information Risk Lead Job Description
- Work closely with engineering owners and the Core Infrastructure Team to ensure day to day activities have the appropriate priority and have strong alignment to roadmap
- Manage dependencies within and outside of the product portfolio
- Partner with Security Architecture and Infrastructure for early access to new products requirements
- Broaden engagement with Risk and CTO organizations to align roadmaps with target state architecture
- Work across Firm to enable and monitor product adoption
- Identify opportunities for improving supplier risk posture and JPMC's supplier risk management processes, including expanded monitoring and KRI tracking
- Support internal education and best practices sharing with peers and colleagues, supplier education & awareness, as needed
- Lead, coordinate and assist with the planning of risk and audit efforts to ensure successful and timely completion of assignments
- Train, educate, supervise, and assist in evaluating new and lower level IT audit and risk staff
- Maintain working knowledge of information technology, risk, audit, security and privacy practices, tools, processes and requirements
- CISSP or ability to pass exam(s) within 90 days
- Extensive experience working in Information Security ideally within a financial institution handling security incidents, compliance, providing support and dealing with business users on support or requirement gathering
- Familiarity with working in large organizations – understanding of where to use processes and how to build and operate a network
- A team player who works well with the peer teams within End User Services, platform security engineering and service providers who run many aspects of the service
- Experience working with virtual and global teams / Intercultural awareness and within matrixed environments
- Proven experience with Symantec products (Antivirus, DLP), Tenable Vulnerability Management, Avecto Defendpoint, Splunk, CyberArk