Job Description
The Information Risk Lead Specialist supports the Information Risk Principal and the wider global Information Risk Management (IRM) Technology Project Risk Assurance (TPRA) team. The IRM TPRA team, although managed out of London, provides this service globally across all regions.


S/he will drive and support the development of strategic information risk program elements that create business value and help streamline technology development, and will provide input to risk prioritization, including the development and implementation of key metrics (KRIs, KPIs).

S/he will review internal and external IT projects and applications for risk issues and ensure adherence to security policies, security controls and industry best practices.

S/he must have detailed knowledge and understanding of how to meet operational and technical information security and risk compliance requirements within a complex regulatory environment.

S/he drives the enforcement and interpretation of information risk policies and standards and collaborates with other subject matter experts to determine business/project impact.


Must haves:

Project launch reviews with initial inherent risk and complexity assessment, reviewing business case, project objectives and KPIs
Evidence based control effectiveness assurance reviews of specific work streams or delivery areas crucial to the success of the program, leveraging wider subject matter experts
Check point reviews at key transition phases to provide assurance that readiness criteria to progress to the next phase have been met
Pre-implementation readiness reviews, assessing implementation risks and providing assurance over testing results
Work with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
Periodic (e.g. monthly / quarterly) independent assurance reporting over program status, assessing residual risk across key decision points, identifying risks and advising on required actions
On-going program performance tracking, including oversight of key control processes such as risk & issue and contingency management, via intelligent PMO function reporting into program Sponsor and Steering Committee
Attend key meetings across the organization – dealing with all levels of stakeholders from C level to technical subject matter experts.
Planning, execution and delivery of risk-based initiatives and projects
Significant experience in one or more financial industry risk, compliance, control and governance disciplines
In-depth understanding of information security principles and best practices across the industry as well as project management principles
Strong stakeholder management, relationship-building, collaboration and presentational capabilities.
Experience of carrying out risk reviews, technology audits or other similar work
A thorough understanding of Risk Assessment approaches and methodologies 
A strong sense of proportionality, reasonableness and cost with respect to risk response
Ability to manage through highly sensitive situations with highest level of discretion
A strong understanding of residual risk and risk mitigation 
A strong bias toward quantitative risk data rather than subjective reporting is required 
Experience in maturing a risk organization toward a quantitative approach to reporting is highly desirable
Strong experience in a Technology Risk, Information Risk, Information Security or an IT Audit role 
Advanced degree preferred – MSc in IT Security
Bachelor’s Degree or equivalent work experience required. 
Certified Information Systems Security Professional (CISSP) required; additional security certifications advantageous, e.g. Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA)
Proven experience of project management on the basis of an industry standard methodology; a Project Management qualification an advantage (PMI or PRINCE2)