Information Risk Manager Job Description
Information risk manager
provides subject matter expertise and drive enhancements for one or more security information security compliance authoritative sources (Gramm-Leach-Bliley Act, FFIEC IT Handbooks, etc.).
Information Risk Manager Duties & Responsibilities
To write an effective information risk manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Help to improve the productivity of the UK ISRM delivery organisation, driving improvements to our processes or technology changes and actively seek to remove roadblocks
Drive the IT Risk and Security Agenda for Argentina
Audits or consults on information risk management practices to various constituents within a LOB or across the firm, externally, including regulatory bodies
Develop the detailed frameworks to support the implementation of LAM / EUC
Define generic material for awareness and training specific training material to cater for specific in-Cluster needs
Continuously enhance corporate expertise by analysing its drivers, key indicators, relationships and trends
Drive project scoping activities
Project data reporting to portfolio
Cost/data analysis, trend analysis
Perform risk assessment and control reviews of third parties and services
Information Risk Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk Manager
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, ISO, HIPAA, DMZ, DNS, CIPP, FAIR
Education for Information Risk Manager
Typically a job would require a certain level of education.
Employers hiring for the information risk manager job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Information Technology, Business, Engineering, Education, Information Systems, Management, Technology, Technical
Skills for Information Risk Manager
Desired skills for information risk manager include:
Gramm-Leach Bliley Act
RESPA
Regulations affecting the Credit Card industry
Current regulatory impact and expectations on technology per Sarbanes Oxley
Frank-Dodd
Banking business
Financial institution
Financial markets
Processes
Rules and regulations
Desired experience for information risk manager includes:
Ability to partner with colleagues and develop positive working relationships to create an open environment for sharing risk identification and resolution practices
Able to work independently manage project teams by providing oversight and directly influencing change
The incumbent must be able to partner across the technology and business teams to maximize the quality, integration and effectiveness of the risk management coverage
Solid understanding of internal risk and control concepts
Strong written and oral communication skills and the ability to interact with senior management
Preferred backgrounds are Risk Management Assessment / Audit / Control Self-Assessment Experience
Information Risk Manager Examples
1
Information Risk Manager Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of information risk manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information risk manager
- Coordination and supervision of the function and technical consistency, consistency of finance and risk processes and ITlogic
- Continue to develop the information security program and controls for both existing and new processes, applications and markets
- Ensuring an appropriate programme steering group is in place, reporting into that group on a regular basis with risk and dependency status and recommendations on any required decisions
- A demonstrable track record of successful delivery, balancing a structured approach with pragmatism
- Experience in a leadership / management role with material Profit & Loss accountability
- A Bachelor’s degree with a concentration in Business, Economics, Engineering or Computer Science (equivalent qualification / work experience)
- Knowledge of the Finance / Controlling domain and end-to-end workflow for banking and trading business (beneficial)
- Knowledge of Credit Risk, Market Risk and the use of quantitative algorithms to calculate probabilities (beneficial)
- Knowledge of Investment Banking, Sales and Trading, Asset Management and similar industries (Beneficial)
- A hands-on manager, able to command the respect of the project team by demonstrating a holistic knowledge of both technical and functional content
Qualifications for information risk manager
- Related professional certification, such as a CISA, CISM, ISO27001 lead auditor or CISSP•Knowledge of financial services
- The planning and implementation of organization-wide strategies, policies and programs for the management of operational security risk
- Has authority and responsibility for all aspects of a significant area of work, including policy formation and application
- Extensive experience in Cyber Security, Information Technology or relevant business area
- Use client data to make sample reports, working with technical teams across the organization in London and Vancouver
- Be the figurehead for local technical inquiries, provide training/workshops to generate interest in solutions
2
Information Risk Manager Job Description
Job Description Example
Our company is growing rapidly and is looking for an information risk manager. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk manager
- Coordinate and support efforts related to the organization’s SOX compliance program by overseeing IT General Controls management processes, assisting in managing the controls environment, tracking control effectiveness, and identifying areas for continuous improvement in striving for continuous compliance effectiveness
- Drive a risk-aware culture and mindset across Danaher operating companies to establish and maintain risk conscious decision making processes and effective risk mitigation and management strategies
- A strong communicator (both verbal and written), able to talk in functional and data terms to clients, embedded architects and senior managers
- Structured but with the ability to adapt, able to work in a fast paced environment with competing and alternating priorities whilst maintaining a constant focus on delivery
- Logical with a structured approach to problem-solving in both near-term (tactical) and mid-long term (strategic) horizons
- Able to drive change recommendations and define detailed agenda’s to enable the fulfilment of best practice process
- Actively monitor trends of operational risk events and report to leadership
- Assess CDO FLU compliance with regulatory requirements and legal obligations on an ongoing basis
- Participate as needed in second line assessments and third line audits
- Continually develop security posture by maintaining appropriate policies, principles and standards
Qualifications for information risk manager
- Champions the cause of Information Risk/Security, including Data Privacy, Records Management, Physical Security, Disaster Recovery Planning (IT System), Logical Access Management, Projects, Security awareness
- Demonstrate knowledge of derivative trading
- Ability to inspire technical confidence, with an applicable background in trading and technology, especially front-office systems
- Able to communicate in native level Japanese and fluent English
- Ability to manage small projects with customers who will primarily be Japanese megabanks
- Industry qualification CISA, CRISC, CISSP, CGEIT is desirable
3
Information Risk Manager Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of information risk manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information risk manager
- Optimize and streamline operating processes for risk assessments, analysis, and reporting
- Develop and maintain strong business and technology relationships, become a trusted partner, foster collaborative relationships with Corporate functions such as Audit, Corporate IT Risk and Global Technology Infrastructure
- Manage the full lifecycle for performing information risk management functions beginning with risk assessment through articulating business risks to key business stakeholders through manageable and meaningful procedures
- Serve as a consultant to the business to aid in developing appropriate and reasonable risk mitigation strategies and techniques
- Leverage industry standard risk management frameworks to assess and quantify risks according to established security control frameworks and through creation and maintenance of an information risk management process
- Establish positive working relationships with internal and external business partners to resolve risks through effective action planning
- Assimilate knowledge of information security and IT systems to confidently determine and recommend relevant people, process, and technology controls for mitigating and managing business risk to acceptable levels that drives desires business outcomes
- Balance information security risks and business constraints to provide risk-based mitigation recommendations to management
- Confidently communicate to all levels of the organization and achieve desirable outcomes of risk reduction and management within predefined thresholds through the risk management framework
- Qualitatively measure and articulate the overall business risk impact to senior leadership by presenting risk assessment artifacts on a regular basis
Qualifications for information risk manager
- Experience with operational risk analysis, process improvement, end-to-end process reviews, process flow mapping, procedure documentation, and develop of metrics and reporting
- Collaborating cyber privacy and security policies and procedures
- Working knowledge or understanding of a wide range of information security controls and technologies , firewalls, VPN, PKI, encryption, intrusion detection systems, vulnerability & risk management tools and methods, penetration testing, malware identification, common Windows (desktop & server) operating systems, UNIX/Linux platforms
- Experience with applying and supporting common risk management frameworks such as NIST and Critical Security Controls, and familiarity with regulatory control requirements associated with information security and data protection such as ISO 27002, PCI, country and state data privacy and breach laws (US, European, Canadian etc), SSAE-16, SOC1/2
- Experience with IT risk, security, and privacy standards and industry best practice approaches, such as CoBIT, ISO 27005 (Risk), COSO, ITIL, GAPP
- Industry qualification CISA, CRISC (not required)
4
Information Risk Manager Job Description
Job Description Example
Our company is looking for an information risk manager. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk manager
- Apply risk assessment concepts to third-party vendors through contractual duties and on-going risk management
- Maintain awareness of changing regulatory and legal landscapes pertaining to information risk management
- Work closely with Danaher and operating company security and IT personnel in a collaborative and goal oriented manner
- Incorporate process re-engineering methodologies to create capacity through driving efficiency and to identify process and control enhancements
- Completing implementation activities ranging from CTB to RTB programs, working with colleagues in core COO Technology, CISO and GIRM and CDO
- Manage a team of Information Technology Security professionals engaged in providing Information Security Services
- Oversee and manage IT Security projects ranging in size, complexity, and scope
- Ensure that the IT Security Policy is implemented for new installations and systems upgrades
- Lead the creation and delivery of solutions as a Security Subject Matter Expert
- Provide guidance to the Security team on new solutions and designs
Qualifications for information risk manager
- Demonstrated relationship building experience/ability to develop relationships with executives, process owners, operational excellence peers and leadership team
- Quantitative educational background is preferred
- You worked on risk related solutions
- You worked in risk related solutions
- You are willing to travel and fluent in Dutch, French and English
- Strong communication skills, partnership and influencing abilities, and the creativity
5
Information Risk Manager Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of information risk manager. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk manager
- Act as an escalation point for vendor risk assessment results on vendors being used by EBS, Reuters News, and Enabling Functions
- Proactively work with other BISO teams to share knowledge of initiatives in EBS and Enabling functions that have a security impact on the CTO BU teams
- Enhance and maintain the Information Security risk assessment methodology and framework
- Measure maturity of risk posture over time as evidenced by appropriate reporting of risk metrics including at the board level
- Develop core data architecture to support IS risk platform integration with broader information security capabilities
- Provide expertise and leadership in relevant risk committees as appropriate on behalf of IT Risk and Information Security
- Lead the rationalization of multiple disparate security assessments to help create a uniform risk assessment input queue, risk rubric, and assessment framework
- Perform technical IT/IS risk assessments and control effectiveness assessments using a combination of available metrics and expert interviews
- Produce reports and presentations to clearly communicate assessment results on a regular basis to senior leadership
- Produce meaningful risk metrics that are consumable by multiple levels in the organization including IS & IT management, Enterprise Risk Management, Executive Management and auditor and regulators
Qualifications for information risk manager
- Knowledge of Information Security Standards (ISO 27001/27002, ITIL, ) preferred
- 10-15 years progressive experience including first-hand technical experience or front-line management in multiple disciplines
- Experience managing functional business and technical teams in a large and complex environment to deliver related capabilities and services
- BS/BA required and MBA or other advanced degree desired, preferably from top tier institutions
- Excellent program/project management and execution skills, with the ability to prioritize for business outcomes and lead groups to meet deadlines
- Ability to adapt and respond appropriately to change and manage through complexity