Information Risk Lead Job Description

An information risk lead provides operational risk and control advice to business lines on technology risk priorities, industry best practices, and emerging trends to enhance risk mitigation strategies.

Information Risk Lead Duties & Responsibilities

To write an effective information risk lead job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk lead job description templates that you can modify and use.

Sample responsibilities for this position include:

Work closely with IPB Technology groups to ensure quality and consistency of Control Self Assessment (CSA) reviews and Sarbanes-Oxley (SOX) testing
Continued focus on the Automation efforts for SOX testing
Support internal education and best practices sharing with peers and colleagues, third party education & awareness, as needed
Assist the business in achieving security certifications
Work in coordination with risk management to execute corporate programs, leveraging key processes such as Re-certifications, Third Party Provider Reviews, Technical Recovery Action Plans
Provide leadership, subject matter expertise and support to technology and business partners, other LOB IRMs with regional responsibility, to build clear understanding and transparent management of information technology risk
Ensure technology control gaps are documented clearly and remediation plans are developed to address them, investigating and resolving control incidents
Development and ongoing support of Reporting for Risk Technology to the Risk Organization (business) breaking down data to provide Risk Stripes with their specific view of the current state of Controls and Residual Risk
Oversight & management of a multi-disciplined GTI TP-IRM Assessment Team
Ensure that technology control issues and gaps are documented clearly and that realistic remediation plans are developed to address them, investigating and resolving control incidents

Information Risk Lead Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Information Risk Lead

List any licenses or certifications required by the position: CISA, CISM, CRISC, CISSP, CICA, I&AM, ISACA

Education for Information Risk Lead

Typically a job would require a certain level of education.

Employers hiring for the information risk lead job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Technical, Computer Science, Education, Business, Technology, Management, Information Technology, Information Security, Business/Administration, Finance

Skills for Information Risk Lead

Desired skills for information risk lead include:

Technology risk management and industry best practices
Technology risk and control environment and an understanding of industry IT Risk best practices
Tools like Fortify
Veracode desirable
SOX
Data protection strategies
Network and system vulnerabilities
PCI
Corporate Risks
Gramm-Leach-Bliley Act

Desired experience for information risk lead includes:

Significant experience in Audit, Information Risk Consulting, Systems Development, or Distributed Environments
Based in Mumbai
Industry qualification CISA, CRISC
Interface with AD teams on an on-going basis for BAU risk activities project initiatives
Needs to be able to work independently in a team environment, demonstrating creativity and an ability to check work conscientiously for errors and make decisions based on priorities, time constraints and risks
Identifies potential information security risks/threats and notifies senior management

Information Risk Lead Examples

1

Job Description Example
Our company is looking to fill the role of information risk lead. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information risk lead
  • Produce training materials
  • Support ad-hoc reporting needs for all supported services
  • Risk education, risk champion – facilitate knowledge and insight into engineering and operations teams
  • Ensure regular and continuous risk assessment by teams ensuring consistent and quality testing
  • Communications – customer advisory board forum
  • Assist with the annual RCSA program for RFT, including setting up workshops to identify inherent risk and to request appropriate evidence for Controls
  • Perform the role of the Software Security Champion (SSC) for CCB
  • Execute and manage RCSA program for CT&R, including being part of workshops to identify inherent risk and to request appropriate evidence for controls
  • Execute and manage the Quality review for Application Risk Assessment & Application Control Assessment
  • Maintain inventory for Applications & respective categorization
Qualifications for information risk lead
  • Represent CTR organization in No
  • Outstanding listening and negotiation skills being a strong written and verbal communicator at the senior management level
  • Ability to partner closely with related functions (Sourcing, Legal & Compliance, Audit) to ensure a coordinated and effective program
  • Representative for vendor assessments, gaps, risks, controls, and status of posture for current and new vendors
  • Develop and maintain strong relationships with key departments, particularly Corporate Senior Information Risk Officers (CSIRO), Relationship Managers, Legal and Procurement, who are actively involved in Vendor on-boarding and overall management
  • Continuously monitor and ensure a high level of quality and accuracy are maintained on reviews, work papers, risk statements, and management reports
2

Job Description Example
Our growing company is looking to fill the role of information risk lead. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information risk lead
  • Create and provide reports of vendors on a monthly, quarterly, and annual basis relating to vendor control posture, statistics on types of vendors, and vendor risks
  • Stay abreast of changes relating to global regulatory requirements regarding 3rd party Vendor Risk Management
  • Vendor risk assessments
  • Risk reporting and metrics on assessments of new and existing vendors
  • Vendor risk assessment alignment and partnership with key stakeholders
  • Demand (Intake process) and Capacity Planning – Simplify the project intake process working toward continuous improvement, training of all stakeholders and continually increasing throughput
  • Lead resource for the Application Assessment program including initial interviews regarding standard controls usage for applications in scope
  • Perform testing of the evidence submitted to validate it justifies control effectiveness
  • Provide SME and training to IT associates in areas of ISRM such as IAPP, Information Security, and Project Risk Management
  • Individual must be a self-starter and have a passion to tackle challenges in an efficient and effective manner
Qualifications for information risk lead
  • Pragmatic approach and excellent verbal and written communication skills
  • Experience balancing risks with controls
  • Organized, methodical and analytical
  • Written and verbal presentation skills to a wide variety of senior managers across the organization
  • University graduate with a minimum of five years’ solid experience in business continuity and/or information risk management and
  • Minimum of 5 years conducting 3rd Party vendor risk assessments within the financial markets, with at least 7+ years of working experience in risk management
3

Job Description Example
Our company is looking to fill the role of information risk lead. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk lead
  • Continuously strive to improve the methodology and processes around Vendor Risk Assessments
  • Drive all aspects of the risk assessment of third party providers – particularly for China and Japan
  • Finalize annual testing plan in agreement with management
  • Oversight of BAU IT Interface scoping process, during beginning of year (BOY) control review and throughout the year
  • Execution of interface testing in line with plans/scripts
  • Provide subject matter expert guidance related to IT Interface controls to GF IT Controls testers and IT application owners
  • Ensure that Data Interface IT Control Framework is periodically reviewed and updated as required
  • Executes information risk management practices and control
  • Provide advisory and guidance in related area
  • Perform and validate Information and Vendor Risk assessment
Qualifications for information risk lead
  • CISA, CISM, CRISC or CISSP required
  • Assist with the review and preparation of financial reporting and schedules
  • Experience with implementation and oversight of technology controls
  • Interpret, summarize and present findings in understandable documentation that may include charts, graphs, reports
  • Minimum of seven years banking experience, experience in risk functions, specialized experience/expertise in business segment, or demonstrate the ability to perform at proficient level of competence to meet duties
  • Effective and decisive decision-making skills and ability to build consensus
4

Job Description Example
Our company is looking for an information risk lead. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk lead
  • Regular assessment
  • Participate in Country Governance a
  • Understanding local technology risk regulatory requirements and provide guidance
  • Liaise with Auditor and regulatory
  • Maintain security product roadmaps for assigned control area
  • Manage and prioritize the data protection book of work ensuring adherence to roadmaps, regulatory compliance and improving long term delivery planning
  • Engage with executive stakeholders to identify business demand and prioritize it on the roadmap
  • Identify and work with engineering and operations to close gaps in existing product portfolio applying new solutions or if necessary introducing new requirements
  • Align expectations, minimize churn and avoid incomplete solution delivery
  • Manage vendor relationships to ensure roadmap collaboration, SLA management and ongoing communications to influence strategic product planning
Qualifications for information risk lead
  • Bachelor’s degree or equivalent (MS and/or advanced degree is a plus)
  • English language communication (Spanish is a plus)
  • Knowledge of company, business and regulatory trends (knowledge of key business processes is a plus)
  • Information Security & Risk Management certifications are a plus (CISM, CISSP)
  • Working knowledge of COBIT and / or ITIL is a plus
  • Experience with standard GRC processes
5

Job Description Example
Our company is growing rapidly and is hiring for an information risk lead. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information risk lead
  • Work closely with engineering owners and the Core Infrastructure Team to ensure day to day activities have the appropriate priority and have strong alignment to roadmap
  • Manage dependencies within and outside of the product portfolio
  • Partner with Security Architecture and Infrastructure for early access to new products requirements
  • Broaden engagement with Risk and CTO organizations to align roadmaps with target state architecture
  • Work across Firm to enable and monitor product adoption
  • Identify opportunities for improving supplier risk posture and JPMC's supplier risk management processes, including expanded monitoring, KRI tracking
  • Support internal education and best practices sharing with peers and colleagues, supplier education & awareness, as needed
  • Lead, coordinate and assist with the planning of risk and audit efforts to ensure successful and timely completion of assignments
  • Train, educate, supervise, and assist in evaluating new and lower level IT audit and risk staff
  • Maintain working knowledge of information technology, risk, audit, security and privacy practices, tools, processes and requirements
Qualifications for information risk lead
  • CISSP or ability to pass exam(s) within 90 days
  • Extensive experience working in Information Security ideally within a financial institution handling security incidents, compliance, providing support and dealing with business users on support or requirement gathering
  • Familiarity with working in large organizations – understanding of where to use processes and how to build and operate a network
  • A team player who works well with the peer teams within End User Services, platform security engineering and service providers who run many aspects of the service
  • Experience working with virtual and global teams / Intercultural awareness and within matrixed environments
  • Proven experience in Symantec products (Antivirus, DLP), Tenable Vulnerability management, Avecto Defendpoint, Splunk, CyberArk
