Information Risk Manager Job Description
Information Risk Manager Duties & Responsibilities
To write an effective information risk manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Risk Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk Manager
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, ISO, HIPAA, DMZ, DNS, CIPP, FAIR
Education for Information Risk Manager
Typically a job would require a certain level of education.
Employers hiring for the information risk manager job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Information Technology, Business, Engineering, Education, Information Systems, Management, Technology, Technical
Skills for Information Risk Manager
Desired skills for information risk manager include:
Desired experience for information risk manager includes:
Information Risk Manager Examples
Information Risk Manager Job Description
- Coordination and supervision of the function and technical consistency, consistency of finance and risk processes and IT logic
- Continue to develop the information security program and controls for both existing and new processes, applications and markets
- Ensuring an appropriate programme steering group is in place, reporting into that group on a regular basis with risk and dependency status and recommendations on any required decisions
- A demonstrable track record of successful delivery, balancing a structured approach with pragmatism
- Experience in a leadership / management role with material Profit & Loss accountability
- A Bachelor’s degree with a concentration in Business, Economics, Engineering or Computer Science (equivalent qualification / work experience)
- Knowledge of the Finance / Controlling domain and end-to-end workflow for banking and trading business (beneficial)
- Knowledge of Credit Risk, Market Risk and the use of quantitative algorithms to calculate probabilities (beneficial)
- Knowledge of Investment Banking, Sales and Trading, Asset Management and similar industries (beneficial)
- A hands-on manager, able to command the respect of the project team by demonstrating a holistic knowledge of both technical and functional content
- Related professional certification, such as a CISA, CISM, ISO27001 lead auditor or CISSP
- Knowledge of financial services
- The planning and implementation of organization-wide strategies, policies and programs for the management of operational security risk
- Has authority and responsibility for all aspects of a significant area of work, including policy formation and application
- Extensive experience in Cyber Security, Information Technology or relevant business area
- Use client data to make sample reports, working with technical teams across the organization in London and Vancouver
- Be the figurehead for local technical inquiries, provide training/workshops to generate interest in solutions
Information Risk Manager Job Description
- Coordinate and support efforts related to the organization’s SOX compliance program by overseeing IT General Controls management processes, assisting in managing the controls environment, tracking control effectiveness, and identifying areas for continuous improvement in striving for continuous compliance effectiveness
- Drive a risk-aware culture and mindset across Danaher operating companies to establish and maintain risk conscious decision making processes and effective risk mitigation and management strategies
- A strong communicator (both verbal and written), able to talk in functional and data terms to clients, embedded architects and senior managers
- Structured but with the ability to adapt, able to work in a fast paced environment with competing and alternating priorities whilst maintaining a constant focus on delivery
- Logical with a structured approach to problem-solving in both near-term (tactical) and mid-long term (strategic) horizons
- Able to drive change recommendations and define detailed agendas to enable the fulfilment of best practice process
- Actively monitor trends of operational risk events and report to leadership
- Assess CDO FLU compliance with regulatory requirements and legal obligations on an ongoing basis
- Participate as needed in second line assessments and third line audits
- Continually develop security posture by maintaining appropriate policies, principles and standards
- Champions the cause of Information Risk/Security, including Data Privacy, Records Management, Physical Security, Disaster Recovery Planning (IT System), Logical Access Management, Projects, Security awareness
- Demonstrate knowledge of derivative trading
- Ability to inspire technical confidence, with an applicable background in trading and technology, especially front-office systems
- Able to communicate in native-level Japanese and fluent English
- Ability to manage small projects with customers who will primarily be Japanese megabanks
- Industry qualification CISA, CRISC, CISSP, CGEIT is desirable
Information Risk Manager Job Description
- Optimize and streamline operating processes for risk assessments, analysis, and reporting
- Develop and maintain strong business and technology relationships, become a trusted partner, foster collaborative relationships with Corporate functions such as Audit, Corporate IT Risk and Global Technology Infrastructure
- Manage the full lifecycle for performing information risk management functions beginning with risk assessment through articulating business risks to key business stakeholders through manageable and meaningful procedures
- Serve as a consultant to the business to aid in developing appropriate and reasonable risk mitigation strategies and techniques
- Leverage industry standard risk management frameworks to assess and quantify risks according to established security control frameworks and through creation and maintenance of an information risk management process
- Establish positive working relationships with internal and external business partners to resolve risks through effective action planning
- Assimilate knowledge of information security and IT systems to confidently determine and recommend relevant people, process, and technology controls for mitigating and managing business risk to acceptable levels that drive desired business outcomes
- Balance information security risks and business constraints to provide risk-based mitigation recommendations to management
- Confidently communicate to all levels of the organization and achieve desirable outcomes of risk reduction and management within predefined thresholds through the risk management framework
- Qualitatively measure and articulate the overall business risk impact to senior leadership by presenting risk assessment artifacts on a regular basis
- Experience with operational risk analysis, process improvement, end-to-end process reviews, process flow mapping, procedure documentation, and development of metrics and reporting
- Collaborating on cyber privacy and security policies and procedures
- Working knowledge or understanding of a wide range of information security controls and technologies, firewalls, VPN, PKI, encryption, intrusion detection systems, vulnerability & risk management tools and methods, penetration testing, malware identification, common Windows (desktop & server) operating systems, UNIX/Linux platforms
- Experience with applying and supporting common risk management frameworks such as NIST and Critical Security Controls, and familiarity with regulatory control requirements associated with information security and data protection such as ISO 27002, PCI, country and state data privacy and breach laws (US, European, Canadian etc), SSAE-16, SOC1/2
- Experience with IT risk, security, and privacy standards and industry best practice approaches, such as CoBIT, ISO 27005 (Risk), COSO, ITIL, GAPP
- Industry qualification CISA, CRISC (not required)
Information Risk Manager Job Description
- Apply risk assessment concepts to third-party vendors through contractual duties and on-going risk management
- Maintain awareness of changing regulatory and legal landscapes pertaining to information risk management
- Work closely with Danaher and operating company security and IT personnel in a collaborative and goal oriented manner
- Incorporate process re-engineering methodologies to create capacity through driving efficiency and to identify process and control enhancements
- Completing implementation activities ranging from CTB to RTB programs, working with colleagues in core COO Technology, CISO and GIRM and CDO
- Manage a team of Information Technology Security professionals engaged in providing Information Security Services
- Oversee and manage IT Security projects ranging in size, complexity, and scope
- Ensure that the IT Security Policy is implemented for new installations and systems upgrades
- Lead the creation and delivery of solutions as a Security Subject Matter Expert
- Provide guidance to the Security team on new solutions and designs
- Demonstrated relationship building experience/ability to develop relationships with executives, process owners, operational excellence peers and leadership team
- Quantitative educational background is preferred
- You worked on risk related solutions
- You worked in risk related solutions
- You are willing to travel and fluent in Dutch, French and English
- Strong communication skills, partnership and influencing abilities, and the creativity
Information Risk Manager Job Description
- Act as an escalation point for vendor risk assessment results on vendors being used by EBS, Reuters News, and Enabling Functions
- Proactively work with other BISO teams to share knowledge of initiatives in EBS and Enabling functions that have a security impact on the CTO BU teams
- Enhance and maintain the Information Security risk assessment methodology and framework
- Measure maturity of risk posture over time as evidenced by appropriate reporting of risk metrics including at the board level
- Develop core data architecture to support IS risk platform integration with broader information security capabilities
- Provide expertise and leadership in relevant risk committees as appropriate on behalf of IT Risk and Information Security
- Lead the rationalization of multiple disparate security assessments to help create a uniform risk assessment input queue, risk rubric, and assessment framework
- Perform technical IT/IS risk assessments and control effectiveness assessments using a combination of available metrics and expert interviews
- Produce reports and presentations to clearly communicate assessment results on a regular basis to senior leadership
- Produce meaningful risk metrics that are consumable by multiple levels in the organization including IS & IT management, Enterprise Risk Management, Executive Management and auditor and regulators
- Knowledge of Information Security Standards (ISO 27001/27002, ITIL) preferred
- 10-15 years progressive experience including first-hand technical experience or front-line management in multiple disciplines
- Experience managing functional business and technical teams in a large and complex environment to deliver related capabilities and services
- BS/BA required and MBA or other advanced degree desired, preferably from top tier institutions
- Excellent program/project management and execution skills, with the ability to prioritize for business outcomes and lead groups to meet deadlines
- Ability to adapt and respond appropriately to change and manage through complexity