IT Risk Management SME
Information Security, Information Technology
Canada, US
$70-$80 for Contract, 140,000-150,000 for Fulltime / Year
Job Description
Primary responsibilities
- Define, develop and update IT risk management standards, processes and policies in alignment with enterprise risk requirements and industry and regulatory standards
- Develop criteria for Quantitative and Qualitative risk assessment
- Perform Quantitative and Qualitative risk assessments
- Develop and maintain IT Risk and control library
- Perform Key Control testing and validation
- Closely monitor changes to Key Policies and procedures and identify emerging risks
- Leverage data to perform root cause and predictive analysis, and provide qualitative and quantitative risk and compliance management reports
- Develop a risk appetite metric program (KRIs/KPIs) to give management a holistic view of the control environment
Cross Functional
- Act as primary lead in the assigned business unit, liaise with technology groups driving out strategic priorities, participate in discussions with a risk-based mindset
- Provides management consulting services in support of Technology and Cyber risks
- Build and nurture strong relationships with business leaders, representatives, and other business partners
- Ensure global, regional and local Technology Risk initiatives are aimed at improving information protection, resiliency and controls of technology processes and services
- Ensure regulatory gaps are communicated to key stakeholders; advise leadership on risk-based decisions supporting the completion of risk mitigation and remediation
- Manages complex risk and compliance initiatives across technology and information security.
- Develops and champions best practices within area of expertise, supports Communication and Change Management activities across multiple stakeholders
- Identifies opportunities to strengthen the Risk management capability
- Analyzes trends to proactively maintain strong controls
Technology & Risk Compliance Lead – Mandatory Skills
- 10+ years of Technology, Life sciences or Financial industry work experience with a graduate degree in computer science, engineering, information systems.
- 5+ years of experience in risk and control domain with an ability to analyze and evaluate the observations based on compliance, operations, risk model and performance
- Experience with GRC tools such as ServiceNow, RiskLens
- Good data analytics and presentation skills, including advanced-level fluency in using Excel, Word and PowerPoint and other data analytics dashboard tools such as Tableau, PowerBI
- Ability to communicate complex or detailed technical topics to a non-technical business audience, clearly conveying risk assessments, actions needed, and cost implications
- Good data analytics and reporting skills, including advanced Excel and PowerPoint skills and skills to use desktop analytics tools
- Knowledge of software development practice, concepts/methodologies and technology obtained through formal training and/or work experience
- Knowledge of data governance frameworks and how these are implemented in complex and large organizations
- Well versed in the technology issues affecting Life Sciences service organizations and cloud-based application service providers
- Understands the basic tenets of the enterprise risk management process (identify, assess, prioritize, treat and monitor)
Technology & Risk Compliance Lead – Nice to Have Skills
- Understanding of GxP and SoX Compliance
- CRISC, CGEIT, CISA, CISM, and/or Cloud Security certification an asset
- Experience using ServiceNow and RiskLens
- Data analytics tools such as Tableau or PowerBI will be an added advantage.