IT Risk Management SME

Information Security, Information Technology

Canada, US

$70-$80 for Contract, 140,000-150,000 for Fulltime / Year

Job Description


Primary responsibilities

  • Define, develop and update IT risk management standards, processes and policies in alignment with enterprise risk requirements and industry and regulatory standards
  • Develop criteria for Quantitative and Qualitative risk assessment
  • Perform Quantitative and Qualitative risk assessments
  • Develop and maintain IT Risk and control library
  • Perform Key Control testing and validation
  • Closely monitor changes to Key Policies and procedures and identify emerging risks
  • Leverage data to perform root cause and predictive analysis, and provide qualitative and quantitative risk and compliance management reports
  • Develop Risk appetite metric program (KRIs/KPIs) to provide management a holistic view of the control environment

Cross Functional

  • Act as primary lead in the assigned business unit, liaise with technology groups driving out strategic priorities, participate in discussions with a risk-based mindset
  • Provides management consulting services in support of Technology and Cyber risks
  • Build and nurture strong relationships with business leaders, representatives, and other business partners
  • Ensure global, regional and local Technology Risk initiatives are aimed at improving information protection, resiliency and controls of technology processes and services
  • Ensure regulatory gaps are communicated to key stakeholders; advise leadership on risk-based decisions supporting the completion of risk mitigation and remediation
  • Manages complex risk and compliance initiatives across technology and information security
  • Develops and champions best practices within area of expertise, supports Communication and Change Management activities across multiple stakeholders
  • Identifies opportunities to strengthen the Risk management capability
  • Analyzes trends to proactively maintain strong controls

Technology & Risk Compliance Lead – Mandatory Skills

  • 10+ years of Technology, Life Sciences or Financial industry work experience with a graduate degree in computer science, engineering, or information systems
  • 5+ years of experience in risk and control domain with an ability to analyze and evaluate the observations based on compliance, operations, risk model and performance
  • Experience with GRC tools such as ServiceNow, RiskLens
  • Good data analytics and presentation skills, including advanced-level fluency in using Excel, Word and PowerPoint and other data analytics dashboard tools such as Tableau, PowerBI
  • Ability to communicate complex or detailed technical topics to a non-technical business audience, clearly conveying risk assessments, actions needed, and cost implications
  • Good data analytics and reporting skills, including advanced Excel and PowerPoint skills and the ability to use desktop analytics tools
  • Knowledge of software development practice, concepts/methodologies and technology obtained through formal training and/or work experience
  • Knowledge of data governance frameworks and how these are implemented in complex and large organizations
  • Well versed in the technology issues affecting Life Sciences service organizations and cloud-based application service providers
  • Understands the basic tenets of the enterprise risk management process (identify, assess, prioritize, treat and monitor)

Technology & Risk Compliance Lead – Nice to Have Skills

  • Understanding of GxP and SoX Compliance
  • CRISC, CGEIT, CISA, CISM, and/or Cloud Security certification an asset
  • Experience using ServiceNow and RiskLens
  • Data analytics tools such as Tableau or PowerBI will be an added advantage.
