This job has expired, please see additional jobs below
Information Risk Management - Policy, Vice President
Finance & Investment Industry Company
New York, NY, United States
Description
Discover your opportunity with Company (Company), the 5th largest financial group in the world with total assets of over $2.4 trillion (as ranked by SNL Financial, April 2016) and 140,000 colleagues in nearly 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.
Job Summary:
Reporting to the Governance & Frameworks Director, the Policy Vice President is responsible for defining the Information Risk Management (IRM) framework, policies, and standards as well as establishing processes for maintaining them in line with regulations and industry frameworks. This role will be responsible for maturing the framework and policy structure across all areas of information risk governance, technology management, information security, business continuity, and end user computing. This framework needs to evolve and expand to address the needs of several business lines with their own governance structures, diverse business models and regulatory environments. Strong communication and coordination with process owners, central risk governance functions, and senior leadership is essential for the success of this role. The candidate should have a strong background in information risk to be able to drive discussions with stakeholders in the first and second lines of defense. The Policy Vice President works closely with relevant first and second line stakeholders to identify and document information risk requirements and control objectives which, along with the risk appetite, set the tone for how information risk should be managed in the business. This role will require close partnership with enterprise and operational risk functions who set the overall risk framework for the organization, including regular governance working groups and similar forums.
Major Responsibilities:
• Defines and maintains the IRM policy framework based upon industry standards.
• Defines and maintains IRM policies.
• Defines and maintains the policy and standard creation and update processes including stakeholders and syndication and approval processes.
• Builds and maintains IRM policies and standards and keeps them relevant, including maintaining internal procedures.
• Supports the alignment of the policies and standards to both regulations and industry frameworks.
• Interprets and synthesizes requirements from policies across the spectrum of information risk, including information security, business continuity, third party management, technology management, and IT governance.
• Defines supporting implementation guidance associated with the IRM policies.
• Ensures policies adhere to enterprise risk guidelines and templates.
• Ensures (new) policies follow the required approval process.
• Ensures policies are updated as needed and always in good standing.
• Represents IRM in other associates' policy and standard syndication.
• Communicates policy and standard enhancements to domestic stakeholders as well as stakeholders across borders.
• Collaborates with other subject matter experts to determine and communicate the business impact of changes to information risk management policy and standards. Ensures policy changes and new policies are appropriately communicated to the respective stakeholders.
• Stakeholder management and working across various parts of the organization.
• Communicates information risk matters to senior management.
Qualifications
• Bachelor's Degree required
Certifications:
• At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP).
• 5+ years of related experience.
• Knowledge of the financial services industry and its regulations / laws.
• Knowledge of three-tiered risk governance structure recommended, including interrelationships and dependencies.
• Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business.
• Working knowledge of Governance, Risk & Compliance technologies (e.g., Archer).
• Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL).
• Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches.
• Knowledge of current industry trends in information risk management.
• Strong MS Office skills along with strong verbal and written communication skills.
• Able to collaborate well with internal and external stakeholders.
• Able to enforce and communicate related policies, procedures, and guidelines.
• Able to be a subject matter expert on information risk management policies and standards.
We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Why Work for Company Corporation?
• We are a financially strong and stable bank.
• We value workplace diversity.
• We are committed to the training and development of our employees.
• Innovative vacation benefits.
• We offer a matching 401k, a Retirement Plan, and a variety of Flexible Health Benefits.