Information Security Risk Manager Job Description
Information Security Risk Manager Duties & Responsibilities
To write an effective information security risk manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information security risk manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Security Risk Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Risk Manager
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, ISO, II, IAM, ITIL, SANS, CBSS
Education for Information Security Risk Manager
Typically a job would require a certain level of education.
Employers hiring for the information security risk manager job most commonly prefer candidates with a relevant degree, such as a Bachelor's or Master's degree in Computer Science, Information Security, Information Systems, Engineering, Business, Education, Information Technology, Management, Technology, or Technical
Skills for Information Security Risk Manager
Desired skills for information security risk manager include:
Desired experience for information security risk manager includes:
Information Security Risk Manager Examples
Information Security Risk Manager Job Description
- Supervise and manage the performance of IT Compliance Risk Analyst(s)
- Respond to audit findings, define and track remediation projects, and ensure ongoing compliance with required regulatory standards
- Support periodic risk assessments and identify strategic opportunities to adopt industry-leading security and compliance standards
- Regularly liaise with business development, client solutions, and engineering/development teams to ensure compliance requirements are adhered to in product development and support
- Service Organization Control (SOC) compliance and reporting knowledge highly desirable
- Manage and conduct User Access Certifications with managers and data owners using SailPoint IdentityIQ
- Report results from standard, regulatory, and ad-hoc risk assessments to Information Security management, business owners, and Information System sponsors
- Manage a team of Information Security professionals in delivering key IT Forensic & E-Discovery assignments
- Lead, manage and develop client relationships, ensuring client service levels are maintained
- Draft reports and other formal outputs and ensure quality of such deliverables
- Build and contribute to the reputation of the group within the Irish market
- A strong understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, intrusion detection, and vulnerability scanning
- Experience with agile project management and process improvement methodologies
- Strong track record in information security risk management
- Solid eGRC tool management experience
- Track record of successful liaison with Audit/Legal and Enterprise Risk Management (ERM) functions
- Skilled at preparing risk readouts and reporting for all levels of the company – from operational risk remediation efforts through to Executive and Board level presentation materials
Information Security Risk Manager Job Description
- Manage department staff, including hiring, evaluating performance and competency, and conducting disciplinary and counseling sessions as needed
- Act as primary contact with internal and external auditors during the execution of the global IT Sarbanes-Oxley Act control assessment
- Operate as a key Company contact to advise on questions related to risk, vulnerabilities and other similar changes to the Company’s infrastructure and application environments
- Oversee a program for Cloud Governance and third-party applications that will enable proactive management of associated risks
- Stay up to speed on new initiatives, projects and changes and understand the impact to the Company’s security posture
- Oversee an Access Management program that engages various process owners across departments to proactively manage risk
- Manage and maintain the integrity of the Company’s security designs within key financial systems and the environments supporting those systems
- Aid in development of security awareness training and awareness initiatives for both business and IT departments
- Collaborate on critical IT projects to ensure that access and security issues are addressed throughout a project’s life cycle
- Oversee a Controls Readiness Assessment program that engages various process owners across departments to proactively identify control gaps
- Experience in developing and documenting policies & procedures, including workflow process improvements
- The successful Information Security Risk Manager must have expert and extensive Information Security Risk and Operational Risk knowledge in order to engage effectively with the different risk managers in the Group and with external parties
- Strong knowledge of information management concepts and practices
- Work in a collaborative team analysing client issues and interviewing key personnel
- Assist with the development of recommendations and presentations for client engagements, and participate in the elaboration of project strategies and work processes
- Identify issues and define symptoms
Information Security Risk Manager Job Description
- Support the development of business unit scorecards to report compliance and risk metrics to drive change
- Track and report on key information security priorities such as compliance of applications with the information security policy, patching of applications and critical supporting infrastructure, and vulnerability management
- Conduct risk reviews of business- and technology-initiated projects, helping to drive adoption of application and infrastructure security controls and best practices
- Conduct risk reviews of third-party systems and applications to assess the standard and proprietary application security controls used by the application
- Investigate, coordinate and address information security incidents
- Drive China participation in global and regional Information Security programs and activities including
- Manage the security awareness program, ensuring that all employees and contractors understand the bank’s information security program and policies
- Report on the health of the IT SOX program through coordinating the annual SOX certification, generating quarterly metrics, identifying trends in gaps, and implementing tools to perform these activities
- Maintain and implement the processes for the enterprise IT audit calendar and IT audit issue tracker, including implementing any tools to support these activities
- Maintain the SOX application inventory, including annual verification, quarterly reconciliation, approvals of inventory flag changes in CMDB, and coordination of position paper submissions
- Knowledge of operating systems (UNIX/Linux, Windows), database management systems (Oracle, SQL Server, Sybase) or telecommunications equipment (routers, hubs, firewalls)
- Possesses or has the intention to complete the training leading to the acquisition of the CISSP designation
- Maintain excellent interpersonal relations and demonstrate an ability to work effectively as part of a team
- Work with a high degree of autonomy
- Possess a great sense of client service and exceed clients' expectations while remaining committed to the firm's objectives and vision
- Systematically analyse and identify problems in order to determine the causes and propose solutions
Information Security Risk Manager Job Description
- Provide guidance on information security processes, controls, and compliance, and information security risk management to team members
- Provide Subject Matter expertise and training to IT and ISRM individuals on SOX requirements and testing
- Coordinate the SOX pre-certification call with CIA/PwC, ensure completeness and accuracy of the SOX certificate for IT Shared Services (MRC 9975) and coordinate signature of the Annual and Executive certificates by IT Shared Services senior management
- Identify and implement continuous process improvement of the IT SOX PMO
- Design, deliver, and manage the security risk management portfolio
- Establish and maintain relationships with key partners in the security, risk, legal, privacy, finance, and enterprise planning groups
- Drive consistency and clarity in risk management data models, analysis, and operating procedures
- Engage stakeholders and partners to drive key remediation and mitigation efforts
- Provide real-time and periodic views into data and models that give business decision-makers the security risk insights they need
- Participate in the continuous evolution of security within a team of highly skilled and passionate professionals
- Experienced IT Manager or Corporate Information/IT Security Officer with broad and in-depth technical, analytical, and conceptual skills, and mature risk management and governance experience
- Proven ability to initiate and manage projects that will affect NIBR and the corporate environment
- A credible track record of improving the productivity of delivery
- Strong VB development experience
- Subject Matter Expertise in the Information Security space, incorporating technical, process and operational elements
- Knowledge of state and federal guidelines on privacy, transactions and security
Information Security Risk Manager Job Description
- Lead security risk assessments to ensure compliance with regulatory mandates, corporate security policies and adherence to best practices
- Familiarity with control and security techniques involving password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery, disaster recovery, business continuity management, …
- Develop KPIs and KRIs to manage team performance and the key risks that can impact organizational compliance and regulatory requirements
- Act as a liaison to the business and IT groups and assist them in the implementation of data privacy and compliance requirements, information security technologies, and application security
- ISRM relationship management with Reuters, EBS and Business Enabling Functions
- Build effective relationships and communication with cross-functional teams, including key stakeholder groups
- Manage issues, track remediation and register risks in partnership with the business units and ISRM
- Governance of penetration testing, application assurance, application certification and awareness programs with the business to address security vulnerabilities identified in applications and infrastructure
- Collaborate with the security architects to discuss potential solutions supporting the business strategy
- Drive service level agreements as needed with stakeholder groups
- Ability to prioritize tasks for self and team to meet requirements and deadlines
- Strong knowledge and understanding of risk and control assessment methodologies
- Experience developing, documenting and maintaining security policies, processes, procedures and standards (required)
- Able to work as a team player
- CISM/CRISC Certified
- Minimum of 3 years of experience in Information Security with a proven track record of success in implementing technology projects and processes (experience can be concurrent)