Information Risk Management Resume Samples

4.8 (67 votes) for Information Risk Management Resume Samples

The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the information risk management job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits for each job you apply

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

Resume Builder
CHOOSE THE BEST TEMPLATE - Choose from 15 Leading Templates. No need to think about design details.
USE PRE-WRITTEN BULLET POINTS - Select from thousands of pre-written bullet points.
SAVE YOUR DOCUMENTS IN PDF FILES - Instantly download in PDF format or share a custom link.

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

Create a Resume in Minutes
LM
L Mohr
Laverne
Mohr
351 Hansen Inlet
Philadelphia
PA
+1 (555) 445 1295
351 Hansen Inlet
Philadelphia
PA
Phone
p +1 (555) 445 1295
Experience Experience
San Francisco, CA
Information Risk Management
San Francisco, CA
Gleason, Grimes and Lind
San Francisco, CA
Information Risk Management
  • Provides senior level leadership to subordinates including assigning and managing work, monitoring performance, and conducting performance appraisals
  • Work across all areas in OPE risk management to establish and expand Information Risk Management (IRM) coverage of risks
  • KPIs and benchmarking: assist with developing, implementing, monitoring, and reporting departmental performance metrics (to drive continuous improvement)
  • Supports management in matters related to their team field of expertise and works independently to execute
  • Manages a small team of information risk management metric, analytics, reporting, and issue management subject matter experts
  • People Management Responsibilities (provided in conjunction with the Governance & Framework Director)
  • Identifies, recruits, and manages a team of general technology and cyber-security risk management experts for infrastructure management related processes
New York, NY
Information Risk Management, Process
New York, NY
Dach-Johnson
New York, NY
Information Risk Management, Process
  • Assists in the development of the IRM control inventory, specifically for controls related to technology infrastructure management
  • Assists in the development of policies and standards related to technology infrastructure management processes
  • Assists in the development of the IRM control inventory, specifically for controls that are related to 3rd party serviced technology infrastructure management
  • Assists in the development of the information risk controls inventory, specifically for controls that apply to application development
  • Assists in the development of policies and standards for application development
  • Establishes and maintains a centralized tracking of risk control issues and remediation activities for technology infrastructure management
  • Performs independent information risk assessments on application development processes and practices
present
New York, NY
Information Risk Management, Infrastructure
New York, NY
Smitham-Balistreri
present
New York, NY
Information Risk Management, Infrastructure
present
  • Stakeholder management and working across various parts of the organization
  • Performs independent review and challenge of front line unit cyber related RCSA outputs for technology infrastructure
  • Communicates information risk matters to senior management
  • Performs independent review and challenge of the front line unit cyber security assessments and remediation plans on technology infrastructure
  • Performs independent review and challenge of front line unit RCSA outputs for technology infrastructure
  • Performs independent review and challenge of the front line unit risk assessments on technology infrastructure
  • Knowledge of current industry trends in information risk management
Education Education
Bachelor’s Degree in Computer Science
Bachelor’s Degree in Computer Science
University of Arizona
Bachelor’s Degree in Computer Science
Skills Skills
  • Strong MS Office skills along with strong verbal and written communication skills
  • We are a financially strong and stable bank
  • Able to be a subject matter expert on the information risk issue management process
  • Able to be a leader across the organization, a valued partner, and subject matter expert on information risk management and IT project delivery
  • Able to assist in communicating related policies, procedures, and guidelines
  • Able to enforce and communicate related policies, procedures, and guidelines
  • Able to influence and collaborate well with internal and external stakeholders
  • We are committed to the training and development of our employees
  • Innovative vacation benefits
  • We offer a matching 401k, a Retirement Plan, a variety of Flexible Health Benefits
Create a Resume in Minutes

13 Information Risk Management resume templates

1

Manager, Information Risk Management Resume Examples & Samples

  • Create and implement “best practice methodologies” to be leveraged by Time Warner Inc. and its Affiliates as related to information risk management
  • Lead GIS efforts regarding Vendor Risk Management
  • Assist with Safe Harbor IT Controls Assessments for Time Warner Inc. and Enterprise Infrastructure Services
  • Maintain Time Warner Corporate’s Data Loss Prevention and Privacy Assessment programs
  • Create and provide Information Risk Management training and awareness
  • Bachelor’s or Master’s Degree in Computer Science, Information Systems, Information Security or equivalent
  • Minimum 5-7 years in Information Security and/or IT Risk Management
  • CISSP, CISM, or CRISC
  • CIPP preferred
  • Superior problem solving and analytical skills
  • Ability to simultaneously handle multiple high priority projects and priorities with a high degree of professionalism and client service orientation
  • Excellent interpersonal and leadership skills
2

Information Risk Management Resume Examples & Samples

  • Serve as a Subject Matter Expert for Role-Based Access Controls
  • Integrate Risk strategies into I&AM control tools
  • Manage and support role-based controls to ensure appropriate access
  • Analyze and take action to maintain application compliance
  • Support Risk Management and Support Teams with timely data analysis and reporting
  • Review Windows Active Directory and Unix requests for risk compliance
  • Basic SQL query development expertise
  • Knowledge of technology risk management and industry best practices
  • Strong written and verbal presentation skills to a wide audience across the organization
  • CRISC, CISSP, or CISM/CISA certifications a plus
3

Information Risk Management Associate Resume Examples & Samples

  • Identify and assist in the management of IT risk issues including the identification of risks and assistance in the development of processes and controls to help mitigate the identified risks
  • Assists the business and IT in conducting IT Risk assessments related to infrastructure, platforms, and applications in accordance with the company’s Information Risk Management methodology
  • Assist with the interpretation of corporate, local, and applicable regulatory Policies, Procedures and Controls
  • Assists IT and the business in vendor and application risk assessments and provide guidance in the development of solutions to help address identified issues
  • Assist in the development, tracking and validation of metrics and measurements in order to identify weaknesses in controls
  • Provide functional and analytical support of GRC tools
  • Requires 3-5 years in Information Technology Risk Management
  • Knowledge of standards and frameworks in any of these areas: ISO 27001, ISO9001, NIST, COBIT, FFIEC, ITIL and technology best practices
  • Experience with internal controls, risk assessment strategies, audit techniques, and project management
  • Understanding of technology related control development and gap analysis processes
  • Proven analytical, problem solving and trouble shooting skills
  • Strong team player who works well with peers and leaders alike with a desire to contribute positive change
  • Experience with Information Technology risk assessments; audits; & regulatory compliance
  • Experience with GRC tools
  • Understanding of various technologies and ability to discuss risks and compliance within the technology departments such as: operating systems, networking, security operations, internet services, databases, messaging, PC services
  • Proficient in the MS Office products, Adobe Acrobat, SharePoint
4

VP Information Risk Management Resume Examples & Samples

  • Execute and at times manage execution of audit work
  • Contribute to maintenance and risk assessment of the audit universe and audit coverage strategy
  • Perform continuous monitoring of relevant areas in technology infrastructure, data management, operational resilience, or information security
  • Monitor, follow-up on and assess the resolution of audit issues
  • Contribute to the audit opinion
  • Contribute to evaluating the enterprise risk framework, policies and standards
  • Contribute to evaluating the management control approach and control environment of relevant business areas
  • Manage the audit coverage for an assigned section of the team portfolio, including proposing an audit plan, scoping audits, managing ongoing monitoring, and maintaining the BIA view of the control environment and management control approach for your area
  • Scope audit assignments including preparation of the scoping document
  • Manage audit work to ensure that relevant risks and controls have been identified and appropriately assessed
  • Review and direct control evaluation (and perform evaluation when appropriate)
  • Review and complete documentation of scoping, process understanding, risk & control identification, control evaluation and observations in BIA audit toolkit
  • Challenge others where appropriate, if you believe self to be correct
  • Makes decisions on a broad range of factors, with Barclays values at heart
  • Write high quality observations and audit reports (with input from the audit team)
  • Manage audit teams on a day to day basis, working to ensure that audits progress as planned, as regards scope, budget and timetable
  • Support management in identifying resolutions for control issues identified
  • Continue to update awareness of risk issues and changes across relevant business units and use this knowledge to amend audit approach where necessary
  • Provide complete, accurate and timely information to clients for BIA reporting
  • Proactively contribute to the day to day running and continuous improvement within the infrastructure and information security audit teams
  • Proven experience in risk based auditing or risk/control activities within information risk management, including logical access management, information handling, data leakage prevention, incident management and response
  • Broad experience demonstrating capability in risk assessment of technology control environments
  • Practical understanding of relevant regulatory environments
  • Management of audits, including audit planning and delivery, across multiple locations
  • Ability to engage and build relationships with senior client management
  • Experience of leading and developing individuals/teams
  • Proven track record of high performance in previous roles
  • Relevant professional qualifications (e.g. CISA, CISM, CISSP, or other relevant technical qualification; and graduate degree)
  • Financial services industry knowledge, in particular relating to technology infrastructure, Data Management, Information Security or Operational Resilience
5

Information Risk Management Manager Resume Examples & Samples

  • Whether in one country or worldwide. With a strong Forensics presence in more than 40 countries, our strategic threat management approach enables us to work with international clients to anticipate, manage, and respond to threats, while also helping clients become "threat-smart."
  • Best practices for developing and implementing effective enterprise information risk management (IRM) programs for Fortune 500 companies
  • Leading records management and e-discovery technologies
  • Supervising teams to create an atmosphere of trust; seeking diverse views to encourage improvement and innovation; and coaching staff including providing timely meaningful written and verbal feedback
  • Drafting information management strategies and/or roadmaps
  • Developing information risk management policies and procedures, including records management, e-discovery readiness, privacy, and/or security components
  • Creating retention schedules
  • Creating and applying taxonomies and/or classification scheme in an electronic environment
  • Developing and rolling out communications and training
  • Monitoring and auditing the records management function
  • Evaluating and selecting electronic records management (ERM) vendors and project managing the implementation of ERM systems
  • Implementing strategies to archive structured and/or unstructured data, including email
  • Developing and implementing eDiscovery response plans; and
  • Evaluating and selecting e-discovery technology tools, including identification and collection, searching and culling, early case assessment, processing and production tools
6

Information Risk Management Resume Examples & Samples

  • Manage calendars: schedule appointments, meetings, recurring meetings, and other events; book conference rooms and other venues (e.g. restaurants); arrange building access and greet guests; print meeting materials as needed / requested; maintain “time out of office” (e.g. scheduled vacations, working remote) calendar for the 3 executives
  • Manage phones: answer phones, take messages, screen and prioritize calls - Travel and expense management: make travel arrangements (e.g. air, car service, hotel, etc.) using company travel provider / site, prepare itineraries, complete and submit expense reports using company expense management site; ensure team staff visiting from other locations have building access and space / seats
  • New hire (permanent and consultant) on boarding: provide assistance as needed with requesting space, equipment, software, phone, system access, remote access, badges, etc.; ensure new hires are fully on boarded and “live” and provide assistance with navigating company systems / key sites
  • Office supplies: order and maintain office supplies for senior executives and their teams
  • Clerical assistance: assist senior executives as requested; may include accessing and printing system generated reports (staff training, staff vacation, staff absence, etc.), assisting with PowerPoint presentations, updating routine files and forms (e.g. org charts)
  • Provide additional support as requested
  • Excellent organizational and interpersonal skills as well as problem solving, negotiation, and follow-up skills
  • Ability to organize and multi-task
  • Strong Microsoft Word, Excel, PowerPoint, and Outlook skills
  • 3 to 5 years of related experience
7

Information Risk Management Resume Examples & Samples

  • Aware / has a good understanding of control and risk management concepts
  • Good knowledge of security systems and applications
  • Understanding of relevant information risk management regulations and best practices is a plus
  • Able to assist in communicating related policies, procedures, and guidelines
8

Information Risk Management Resume Examples & Samples

  • Ensures IRM Line 2 program is appropriately implemented and followed across IRM
  • Conducts independent reviews of second line unit activities
  • Monitors the maturity of the program though a number of activities, including but not limited to: key performance indicators, adherence to service level agreements, adherence to IRM policies and standards and Line 2 procedures, and quality of documentation
  • Demonstrates excellent knowledge of business management and strategic planning concepts
  • Stakeholder management and working across various parts of the organization
  • Bachelor's degree or equivalent work experience required
  • At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
  • 5 + years of related experience Knowledge
  • Knowledge of quality assessment methodologies and tools
  • Proven knowledge of Information Risk Management frameworks, policies, tools
  • Able to influence and collaborate well with internal and external stakeholders
  • Able to be a subject matter expert on quality concepts, practices, and tools
9

Information Risk Management Resume Examples & Samples

  • Collaborates with other subject matter experts to determine and communicate the business impact of changes to information risk policy and standards
  • Primary point of contact on information risk standards for their specific area of expertise
  • Provides knowledge of current industry trends to improve controls across the firm
  • Works across groups to communicate information risk matters effectively to senior business management
  • Drives and supports the development of strategic program elements and provides input to risk prioritization, including the development and implementation of key metrics (KRIs, KPIs)
  • Provides advice and guidance on information risk matters involving legal or regulatory matters; escalates to management where necessary
  • Drives and supports the development of information risk strategic program elements creating business value and helping to streamline technology development
  • Reviews internal and external IT projects and applications for risk issues and ensures adherence to security policies, industry best practices, and security controls
  • Bachelor's Degree or equivalent work experience required
  • 1 or more of GSEC, CISSP, CISM, CISA, CRISC, CGEIT preferred, but not required
  • Excellent knowledge of security systems and applications
  • Ensures application risk assessments are performed in line with policy requirements
  • Facilitates reviews, identifies and documents any resulting breaks requiring remediation
  • May be a leadership role on internal teams to deploy information risk protection technologies and to make product recommendations for future release
  • Awareness and understanding of risk management, compliance, information protection, regulatory concepts, and requirements
  • Excellent knowledge of security systems and applications and be able to assist in communicating related policies, procedures, and guidelines
  • Knowledge of the financial services industry and its regulations / laws is required
  • Thorough understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business is required
  • Understanding of industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
10

Information Risk Management, Infrastructure Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the cyber security risk associated with technology infrastructure
  • Assesses compliance to cyber security policies and standards related to technology infrastructure
  • Defines testing processes for cyber security risks associated with technology infrastructure
  • Conducts cyber security assessments on technology infrastructure
  • Performs independent review and challenge of the front line unit cyber security assessments and remediation plans on technology infrastructure
  • Maintains oversight of the front line unit remediation efforts for cyber security exposures, gaps, and deficiencies on technology infrastructure
  • Performs independent review and challenge of front line unit cyber related RCSA outputs for technology infrastructure
  • Manages and conducts independent risk assessments, vulnerability scans, and penetration testing results conducted on technology infrastructure
  • 5 + years of related experience
  • Subject matter expertise in conducting and designing cyber security risk assessments for technology infrastructure
  • Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
  • Strong MS Office skills along with strong verbal and written communication skills
  • Able to be a subject matter expert on assessing the maturity of cyber security practices for infrastructure
11

Information Risk Management Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risks associated with applications
  • Assists in the development of the IRM control inventory, specifically for controls related to applications
  • Works closely with the Governance team to help define appropriate policies and standards relevant to applications
  • Assesses compliance to cyber policies and standards related to applications
  • Performs independent review and challenge of the front line unit risk assessments and control testing for applications
  • Reviews risk mitigation strategies and tracks remediation efforts as issues are identified
  • Conducts 2nd line risk assessments and control testing for applications; includes source code reviews, secure SDLC processes, application vulnerability management
  • Proven knowledge of general technology application assessment methodologies and tools
  • Proven knowledge of application security assessment methodologies and technologies
  • Experienced in application security related standards, and best practices such as secure code reviews, secure SDLC, and application vulnerability management
  • Prior experience with application development and SDLC related processes is preferred
  • Able to be a subject matter expert on assessing general technology processes relating to applications
12

Information Risk Management Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risks associated with third party applications
  • Assists in the development of the IRM control inventory, specifically for controls related to third party applications
  • Works closely with the Governance team to help define appropriate policies and standards relevant to third party applications
  • Assesses compliance to cyber policies and standards related to third party applications
  • Performs independent review and challenge of the front line unit risk assessments and control testing for third party applications
  • Conducts 2nd line risk assessments and control testing for third party applications; includes source code reviews, secure SDLC processes, application vulnerability management
13

Information Risk Management Resume Examples & Samples

  • Assesses compliance to policy / standard / procedure related to technology infrastructure
  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risk associated with technology infrastructure
  • Performs independent review and challenge of the front line unit risk assessments on technology infrastructure
  • Maintains oversight of the front line unit remediation efforts for risk exposures, gaps, and deficiencies on technology infrastructure
  • Conducts risk and threat assessments on technology infrastructure
  • Performs independent review and challenge of front line unit RCSA outputs for technology infrastructure
  • Prior experience of management of technology infrastructure is preferred
  • Experienced with vulnerability scanning and penetration testing tools and technologies
  • Understanding of ITIL Service Management processes
14

Information Risk Management, Process Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risk associated with 3rd party serviced technology infrastructure
  • Assists in the development of the IRM control inventory, specifically for controls that are related to 3rd party serviced technology infrastructure management
  • Assesses compliance to policy, standards, and procedures for 3rd party serviced technology infrastructure management
  • Performs independent information risk assessments on the processes for 3rd party serviced technology infrastructure management
  • Executes sample based testing of information risk controls on the processes for 3rd party serviced technology infrastructure management
  • Establishes and maintains a centralized tracking of risk control issues and remediation for 3rd party serviced technology infrastructure management processes
  • Performs independent review and challenge of front line unit assessments and mitigation strategies
  • Knowledge of information risk governance framework / policies / procedures / standards / controls, and mitigation strategies
  • Past experience of managing technology infrastructure is preferred
  • Past experience of establishing and maintaining third party risk management practices is preferred
  • Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
  • Knowledge of current industry trends in information risk management
  • Able to collaborate well with internal and external stakeholders
  • Able to collaborate with 3rd party stakeholders
15

Information Risk Management, Process Resume Examples & Samples

  • Designs and operates the risk control testing program for IT processes
  • Designs and implements testing processes for critical IT controls
  • Performs challenge and review of front line unit risk controls testing activities
  • Executes sample based testing of front line unit risk controls
  • Performs independent review and challenge of risk control remediation action plans and remediation activities
  • Establishes and maintains a centralized tracking of risk controls remediation
  • Supports the definition of front line unit risk controls as it relates to IT processes
  • Knowledge of the financial services industry and its regulations / laws
16

Information Risk Management Resume Examples & Samples

  • Assists in the development of policies and standards related to technology infrastructure management processes
  • Assesses compliance to policy, standards, and procedures for technology infrastructure management processes
  • Executes sample based testing of information risk controls on the processes for technology infrastructure management
  • Establishes and maintains a centralized tracking of risk control issues and remediation activities for technology infrastructure management
  • Performs independent review and challenge of front line unit mitigation strategies
  • Able to be a subject matter expert on review and challenge processes, information risk governance framework / policies / procedures / standards / controls, and mitigation strategies
  • Able to understand technology infrastructure management related best practices and processes
17

Information Risk Management Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the technology and cyber risks associated with the use of 3rd parties
  • Assists in the development of the IRM risk controls inventory, specifically those that apply to 3rd parties
  • Assists in the development of IRM policies and standards, specifically those that apply to 3rd parties
  • Reviews and challenges first line information security assessments for new and existing 3rd parties
  • Performs independent information security risk assessments on both new and existing 3rd parties, as required
  • Executes sample based testing of 3rd party related information security risk controls
  • Establishes and maintains a centralized tracking of 3rd party related information security risk issues and remediation activities
  • Prior experience in conducting and managing 3rd party information security risk assessments
  • Knowledge of the financial services industry and its regulations / laws specifically pertaining to 3rd parties
18

Information Risk Management, Process Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the information risk associated with application development
  • Assists in the development of the information risk controls inventory, specifically for controls that apply to application development
  • Assists in the development of policies and standards for application development
  • Assesses compliance to policies and standards for application development
  • Performs independent information risk assessments on application development processes and practices
  • Executes sample based testing of information risk controls on the processes and practices for application development
  • Establishes and maintains a centralized tracking of risk controls issues and remediation activities for application development related processes
  • Prior experience in application development or management of Software Development Lifecycle is preferred
  • Able to understand application development related processes and practices
19

Information Risk Management, Infrastructure Resume Examples & Samples

  • Supports controls design and testing processes for information risks associated with technology infrastructure
  • Subject matter expertise in conducting and designing risk assessments for technology infrastructure
  • Able to be a subject matter expert on assessing general technology processes relating to infrastructure
20

Information Risk Management Resume Examples & Samples

  • Assists in the development of cyber policies and standards relevant to applications
  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the cyber risks associated with applications (both in-house and third party)
  • Assists in the development of the IRM control inventory, specifically for controls related to technology applications
  • Performs independent review and challenge of the front line unit cyber risk assessment and control testing for applications
  • Conducts 2nd line cyber risk assessments and control testing for applications; includes vulnerability scans, penetration tests and other assessment techniques
  • Able to be a subject matter expert on application security assessment methodologies and tools
21

Information Risk Management Resume Examples & Samples

  • Monitoring for new regulatory requirements and assessing applicability to the enterprise
  • Understanding, translating, and communicating regulatory requirements across the enterprise
  • Implementing regulatory requirements for the second line of defense through a number of activities including updating of IRM framework, policies, ands standards
  • Working closely with the training and awareness team to communicate regulatory requirements across the enterprise
  • Coordinating and overseeing regulatory examinations, including defining management responses to examinations, communicating with regulatory agencies and examiners, and ensuring remediation of regulatory examination issues
  • Reviewing front line units regulatory responses
  • Remediating regulatory examination issues within the second line of defense and overseeing remediation of first line issues
  • Defining the requirements for the GLBA, PCI, and HIPAA programs for the enterprise
  • 10+ years related experience
  • Proven knowledge of regulatory requirements, regulatory issue remediation, and regulatory reporting
  • Knowledge of the financial services industry and its regulations / laws. Strong understanding of regulatory requirements, including and not limited to GLBA, FFIEC etc
  • Able to be a leader across the organization, a valued partner, and subject matter expert on regulatory requirements, remediation, and reporting
22

Information Risk Management Resume Examples & Samples

  • Identifies, recruits, and manages a small team of information risk management metrics subject matter experts
  • Ensures all committed deliverables and associated timeframes are met -
  • Controls budgets; ensures financials and staffing levels are inline with approved budget on an ongoing basis
  • Understands workload in order to easily flex with the changing internal and external environments in which we work Process Responsibilities
  • Defines information risk metrics and key risk indicators across all information risk domains
  • Works closely with front line units to define and implement gap closure plans to source data for the identified risk metrics and key risk indicators
  • Acts as an advisor to front line units to design and implement strategies to provide the supporting data
  • Aggregates information risk data from various front line units
  • Analyzes data to set enterprise-level risk thresholds and limits to be followed by front line units
  • Defines, develops, executes and maintains processes to develop and continuously enhance enterprise-level information risk management metrics and associated dashboards
  • Responsible for producing periodic risk reporting to key committees, senior management, and the board
  • Reviews and challenges information risk metrics and reports produced by the front line units Generally
  • Proven knowledge of information risk management metrics and reporting process / methodologies and tools
  • Strong MS Office skills along with strong verbal and written communication skills Abilities
23

Information Risk Management Resume Examples & Samples

  • Represents IRM and MUFG in important external information sharing / industry forums and committees (e.g., FS) ISAC, FSSCC, SIFMA Cyber Security Sub-Committee, and ISA)
  • Understands the MUFG position on matters and reflects them in the external forums
  • Participates or ensures appropriate MUFG participation in important external committees and other forums; communicates critical issues and initiatives to appropriate MUFG staff
  • Represents IRM and MUFG in committees
  • Stays in constant contact with peers and the market
  • Proven knowledge of information risk management and respective industry forums, conferences, and other information sharing venues and events
  • Able to be a leader across the organization, a valued partner, and subject matter expert on Information Risk Management industry forums and information sharing groups and events
24

Information Risk Management Resume Examples & Samples

  • Identifies, recruits, and manages a team of general technology and cyber-security risk management experts for infrastructure management related processes
  • Ensures all committed deliverables and associated timeframes are met
  • Controls budgets; ensures financials and staffing levels are in line with approved budget on an ongoing basis
  • Experienced in building and operating information risk management second line assessment and control testing functions with subject matter expertise in designing and implementing risk management practices for technology infrastructure
  • Proven knowledge of review and challenge processes, information risk governance framework / policies / procedures / standards / controls, and mitigation strategies
  • Knowledge of ITIL Service Management processes
  • Able to be a leader across the organization, a valued partner, and subject matter expert on information risk assessment related to infrastructure management
25

Information Risk Management Resume Examples & Samples

  • Leverage enterprise standards to define the criteria, tools, and methodologies for managing information risk issues
  • Standardize and implement information risk issue management processes across various first line units
  • Track critical information risk issues including control deficiencies, policy exceptions, and other self identified issues
  • Track front line unit corrective actions across the enterprise
  • Leverage information risk assessment technologies to establish and maintain an enterprise-wide risk issues library for information risk management
  • Serve as a point of contact for escalation of issues when information risk issue related metric thresholds are breached; escalate threat breaches to senior management as required
  • Report key information risk issues to senior management as required
  • Proven knowledge of information risk issue management criteria, tools, and methods
  • Able to be a subject matter expert on the information risk issue management process
26

Information Risk Management Resume Examples & Samples

  • Defines methods and processes to establish and maintain enterprise wide information risk, threat and control libraries
  • Drives the building of enterprise-wide risk, threat and control libraries through working with relevant first and second line stakeholders
  • Drives the maintenance of enterprise-wide risk, threat and control libraries based on input from the first and second line stakeholders and industry intelligence on a regular and timely basis
  • Drives the mapping of risks, threat and controls to the list of information risk management policies / standards, regulations and industry best practice frameworks (e.g. NIST-CF, ISO, COBIT, etc.), detailed risk scenarios, and playbooks
  • Works closely with training & communication stakeholders to develop training material and deliver training programs
  • Leverages Governance, Risk & Compliance technologies to manage libraries and support reporting functions
  • Works with the front line units to gather first line control owners, control operating and testing procedures, and aligns them with the controls in the library
  • Works with the second line to gather the second line testing procedures and aligns them with the controls in the library
  • Is aware of new information risk regulations in order to align them to the risk, threat and control libraries to support the assessment of compliance and / or impact on a regular and timely basis
  • Proven knowledge of risk, threat and control library development and maintenance; proven knowledge of risk / threat / control analysis criteria, tools, and maintenance methodologies
  • Working knowledge of Governance, Risk & Compliance technologies (e.g., Archer)
  • Able to be a subject matter expert on risk and threat libraries, analysis criteria, tools, and methodologies
27

Information Risk Management Resume Examples & Samples

  • Develops and implements processes to analyze and aggregate information on enterprise wide information risks and the technology requirements for automation
  • Coordinates with stakeholders to develop information risk reporting dashboards
  • Performs independent review and challenge of front line unit risk report content based on their own analysis
  • Reviews and challenges first line GLBA, PCI, and HIPAA reports prepared for the Board and Executive Committees
  • Prepares independent information risk management reporting to the Board and Executive Committees
  • Consumes threat intelligence information, risk and threat libraries, and other control libraries to provide an aggregated view of risk across the enterprise
  • Works closely with the Analytics and Reporting teams to collect and analyze aggregate risk information
  • Analyzes and reports on aggregate risk information to senior management
  • Determines critical information risk themes and escalates to senior management to drive risk reduction
  • Maintains subscriptions to information sharing sources (US-CERT, FS-ISAC)
  • Proven knowledge of information risk management analytics and reporting
  • Experienced in managing tools and technologies and producing reports for risk analytics
  • Able to be a subject matter expert on information risk management analytics and reporting
28

Information Risk Management Resume Examples & Samples

  • Budget management: assist designated department management with annual budget planning, perform monthly monitoring and review of actual versus planned expenses / explanations for variances with department management
  • Headcount reporting: create and review monthly headcount reports (FTE, consultant, contractor / upcoming contractor roll offs, open positions, turnover / mobility) with department management; maintain current organization charts
  • Location strategy: create and review monthly reports of current versus planned footprint with department management
  • Liaise with Finance, HR, and their designated ARM department as required/ needed to develop above reporting
  • KPIs and benchmarking: assist with developing, implementing, monitoring, and reporting departmental performance metrics (to drive continuous improvement)
  • Internal reporting: assist with reporting of internal departmental issues (performance, quality)
  • Provide additional support as needed (e.g., staff meetings, communication / training / awareness support, and special initiatives support)
  • Demonstrates excellent knowledge of business management concepts
  • Knowledge of business management practices and methodologies is required; knowledge of KPIs (development, implementation, reporting) and benchmarking is a plus
  • Knowledge of the financial services industry and its regulations / laws is preferred
  • Understanding of control and risk management concepts is preferred
  • Strong MS Office skills
  • Detail and process oriented
  • Able to be a subject matter expert on business management practices
29

Information Risk Management Resume Examples & Samples

  • Demonstrates a solid understanding of diverse IRM stakeholder needs and motivations and how to use IRM communications to strengthen the Three Lines of Defense
  • Serves as a trusted advisor on IRM communications issues, gaining and maintaining the confidence of MUFG’s senior IRM leaders
  • Creates an effective IRM communications strategy that considers the needs of the IRM organization and its stakeholders
  • Conducts active, ongoing outreach to stakeholders; gains consensus on communications plans and refines programs based on client feedback
  • Develops effective, targeted IRM messaging, rolls it out consistently across appropriate channels; communications vehicles include: senior management, client, and regulator presentations; town halls and webinars; collateral; and executive communications
  • Develops all content for enterprise-wide mandatory IRM training, internal IRM staff training, and front-line unit training
  • Supports multi-year project with communications, awareness, and training materials
  • Uses appropriate monitoring and measurement tools to assess and communicate campaign results to internal stakeholders, including IRM executives, employees, and direct reports
  • Develops, implements, and ensures compliance with enterprise communications standards and processes
  • Provides customized communications services to IRM constituents to meet their unique needs, ensuring their timely, successful delivery
  • Executes Shared Service responsibilities: updates board, committee, and executive level presentations and reporting templates provided by the Shared Service; supports employee engagement events; manages and directs enterprise wide IRM risk awareness and training support provided by the Shared Service; and reviews and provides feedback on the Shared Service Performance / SLAs
  • Proven knowledge of and experience with producing and implementing risk culture awareness training, and producing various types of internal and external audience communications
  • Able to communicate with all levels of management
  • Able to be a leader across the organization, a valued partner, and subject matter expert on risk culture awareness training and communications (for internal and external audiences)
  • We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans
30

Information Risk Management Resume Examples & Samples

  • Defines and maintains IRM policies
  • Defines and maintains the IRM policy framework based upon industry standards
  • Defines and maintains the policy and standard creation and update processes including stakeholders and syndication and approval processes
  • Builds and maintains IRM policies and standards and keeps relevant
  • Supports the alignment of the policies and standards to both regulations and controls
  • Defines supporting implementation guidance associated with the IRM policies
  • Ensures policies adhere to enterprise standards and templates
  • Ensures (new) polices follow the required approval process
  • Ensures policies are updated as needed and always in good standing
  • Represents IRM in other associates policy and standard syndication
  • Collaborates with other subject matter experts to determine and communicate the business impact of changes to information risk management policy and standards. Ensures policy changes and new policies are appropriately communicated to the respective stakeholders
  • Education:Bachelor's Degree required
  • Certifications: At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
  • Experience:5 + years experience in writing IRM policies and standards is required
  • Knowledge
  • Proven knowledge of policy creation and maintenance; ensuring adherence and compliance
  • Skills:Strong MS Office, writing, and communication skills
  • Abilities
  • Able to be a subject matter expert on information risk management policies and standards
31

Information Risk Management Resume Examples & Samples

  • Identifies, recruits, and manages a team of policy, library & methods, analytical & reporting, and issue management subject matter experts
  • Experience: 10 + years related experience
  • Thorough knowledge of information risk management governance, policies, & libraries, analytics & reporting, and issue management
  • Skills: Strong MS Office skills along with strong verbal and written communication skills
  • Able to be a leader across the organization, a valued partner, and subject matter expert for information risk management governance, policies, libraries, analytics & reporting, and issue management
32

Information Risk Management Resume Examples & Samples

  • Works with Information Risk Management colleagues to ensure the appropriate risk and control framework, governance, policies, methods, standards, processes, reporting, and training are developed, applied, and understood by impacted stakeholders
  • Communicates information risk matters effectively to senior business management
  • Drives and oversees consistency in approach, execution, and reporting across the technology and information risk function
  • Drives program steering committees and, where applicable, participates in support program governance
  • Drives and oversees the development of information risk strategic program elements
  • Provides prioritization of risk, creating business value and helping to streamline technology development
  • Drives the development and implementation of key metrics (KRIs, KPIs), with ownership for providing business value towards monthly dashboard reports
  • Provides advice and guidance on information risk matters involving legal or regulatory matters; acts as a primary interface between the business areas for these matters
  • Reviews internal and external IT projects and applications for risk issues and ensures adherence to security policies and industry best practices and security controls, taking full ownership where concerned
  • Prepares and presents materials for internal and external client communications and takes ownership for follow-ups where necessary
  • Proven awareness and understanding of risk management, compliance, information protection, regulatory concepts, and requirements
  • Advanced knowledge of security systems and applications and be able to assist in communicating related policies, procedures, and guidelines
  • Knowledge of the financial services industry and its regulations / laws is required, along with operational aspects of the business and a thorough understanding of control and risk management concepts
  • Extensive knowledge of Risk Management policies, methods, standards, processes, governance models, and in-depth knowledge of industry standard risk analysis approaches
  • Excellent understanding of systems architecture, hardware, operations, system life cycle, and information security along with investigative principles, incident response procedures, computer forensics, Information Security practices, and effective risk management
  • Significant experience in one or more financial industry risk, control, and governance disciplines (e.g., audit, business continuity planning, regulatory compliance)
33

Information Risk Management Resume Examples & Samples

  • Interacts with senior information risk-type officers (e.g. Business Unit Risk Managers, Business/Technical Information Security Officers, Third Party Risk Management Officers, Business Recovery Coordinators, etc.) aligned with each business and business unit support organization (e.g., Consumer, Corporate, Investment Banking, Transaction Banking, Risk, Human Resources, Integrated Services Americas, etc.) to support them in aligning and complying to the Information Risk Management (IRM) framework and second line of defense requirements
  • Acts as an advisor; and facilitator to drive appropriate and effective operational communication between IRM and the first lines of defense in order to assist senior information risk-type officers to consistently and appropriately implement IRM policies and standards, conduct assessments and testing and training/awareness, and risk governance and reporting
  • Reviews and challenges information risk management activities within the business and business unit support organizations
  • Serves as a point of contact when risk tolerance limits are breached within the business and business unit support organizations
  • Coordinates and facilitates regular communications between IRM and the business and business unit support organizations to drive awareness/understanding/collaboration of risks, issues, threats, programs, initiatives across the two lines of defense
  • If an appropriate situation arises, coordinates incident investigations with the senior information risk-type officers
  • Proven knowledge of Information Risk Management frameworks, policies, tools, and mitigation practices
  • Able to communicate to all levels of management
  • Able to be a leader across the organization, a valued partner, and subject matter expert on Information Risk Management frameworks, policies, tools, and mitigation practices
34

Senior Director, Information Risk Management Resume Examples & Samples

  • Develop and implement an enterprise IRM program to provide strategic input and guidance into privacy and security due diligence activities related to technology and business initiatives
  • Oversee the Business Information Security and Governance, Risk, and Compliance (GRC) programs to deliver comprehensive information risk management solutions, establishing workload balancing and prioritizing tasks and projects based upon an expert assessment of risks and threats
  • In support of the CISO, develop, maintain, and drive IRM metrics that report upon KPI’s and KRI’s as related to the firm’s compliance with regulatory requirements and internal policies and controls related to information assets. The IRM metrics shall establish an environment of continuous improvement
  • Engages with senior representatives across Realogy and its Business Units to provide full-spectrum alignment on Realogy’s IRM program
  • Manage the delivery of IT Privacy, IT SOX and Third Party risk assessments
  • Oversee Realogy’s Information Security training and awareness program
  • Minimum 12 years’ overall experience managing information security and IT privacy in a global corporate environment
  • In-depth knowledge of ISO27001/2, NIST, Sarbanes-Oxley, and domestic/international regulations related to Personally Identifiable Information (PII) and Personal Health Information (PHI)
  • Experience dealing with external auditors
  • Experience developing effective processes to identify, document, and mitigate risk
  • Comfort working at all levels of seniority, both within Realogy and its Business Units, and with other client institutions, industries, or government entities
  • CISSP or CRISC required
  • CIPM or CIPP preferred
35

Information Risk Management Resume Examples & Samples

  • Creates and maintains the IRM Level 2 service management catalogue (to include, per service): roles and responsibilities, processes, interaction model, tech
  • Defines and monitors IRM Level 2 performance including: KPIs, benchmarking, SLAs, and maturity model
  • Develops and maintains an ongoing 3 year strategic plan including: goals, objectives, and departmental scorecard; ensures the departmental scorecard is aligned with Americas Risk Management and MUFG strategies
  • Responsible for the IRM organizational build-out, including: organization design, hiring plan, job descriptions, job requisitions, recruiting liaison, and location strategy / footprint, and budget planning
  • Liaise / main point of contact with Office of the CRO functions / shared services
  • Demonstrates excellent knowledge of service management, strategic planning, and business management concepts and practices
  • 10 + years related experience
  • Proven knowledge of service management and strategic planning concepts and methodologies
  • Demonstrated expertise in business management practices (budgets, headcount management, and location strategy)
  • Skilled at synthesizing data, identifying relevant themes, and building story boards for executive level presentations
  • Awareness and understanding of risk management, compliance, information protection, regulatory concepts, and requirements is a plus, but not required
  • Ability to communicate related procedures and practices is required
  • Knowledge of the financial services industry is required; knowledge of its regulations / laws is preferred
  • Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business is preferred, but not required
  • Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches is preferred, but not required
  • Able to be a valued partner and subject matter expert for operation management practices, strategic planning, and performance management
36

Information Risk Management Lead Resume Examples & Samples

  • University graduate with a minimum of five years’ solid experience in business continuity and/or information risk management and. Experience in the financial industry preferred
  • CBCP, MBCI, CISA or CISSP preferred
  • Experience with LDRPS will be an added advantage
  • Strong communication skills, including ability to translate complex technical issues into fundamental concepts
  • High level of integrity and professional work practice
  • Appreciation of the people and culture of different countries
  • Good analytical and teamwork capability and able to work on own role independently
  • Project Management and Incident and Problem Management
  • Good technical knowledge of Microsoft Office applications
  • Proficient in English and local language, spoken and written
37

Information Risk Management, Process Resume Examples & Samples

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risk associated with the processes for technology infrastructure management
  • Assists in the development of the IRM control inventory, specifically for controls related to technology infrastructure management
  • Performs independent information risk assessments on the processes for technology infrastructure management
38

Information Risk Management Resume Examples & Samples

  • Work across all areas in OPE risk management to establish and expand Information Risk Management (IRM) coverage of risks
  • Work across front line control areas to integrate and leverage activities, especially in ISA
  • Participate actively in IRM governance and working groups representing OPE Risk management
  • Enhance the risk and control assessment process to address IRM Risks using the criteria, tools and methods defined by the second line of defense
  • Manage a team of risk analysts
  • Work with operations managers to understand their business and technology environment
  • Assess operations environments, identify key risks and controls, and determine control effectiveness
  • Highlight key risks and determine required controls to prevent or detect those risks
  • Execute risk control self-assessments (RCSAs) that incorporate IRM risks and controls
  • Teach and inspire operations staff to think about processes, risks and controls
  • Stay current with industry trends – with regards to the processes you assess, risks, and risk and control assessment techniques
  • Monitor front line unit adherence to the Risk Governance Framework, policies and standards defined by the second line of defense
  • Monitor front line unit development and maintenance of the required technical standards and operating procedures
  • Ensure ownership and maintenance of risk controls across front line units
  • Monitor metrics and indicators associated with key risks and controls
  • Identify opportunities for new or enhanced metrics that aid in the early identification of risks
  • 10+ years in Operations management or operations, operations or operational risk management, operations audit or related role
  • Significant experience in the financial services sector designing, evaluating, and/or testing processes
  • Highly skilled/adept at drawing and evaluating operational processes, highlighting risks and controls
  • Advanced proficiency in several business continuity related topics
  • 5+ years leading/managing and inspiring teams of at least 4 people
  • Proven success in a highly matrix management role
  • Experience teaching and coaching staff
  • Enjoy analyzing and discussing risks and controls
  • Ability to “connect the dots” and see and articulate a broader picture of risks
  • Demonstrated ability to overcome obstacles and deliver assignments on-time and with high quality
  • High energy self-starter
  • Enjoy discussing risks and controls
39

Information Risk Management Summer Intern Resume Examples & Samples

  • Research and documentation development on how various technologies and processes work
  • Gathering, reporting, and delivery of security metrics
  • Participation in logging and monitoring processes including log reviews
  • Various small projects and process assistance as needed
  • Excellent verbal and written communication, analytical and problem-solving skills, time management, and customer service skills, including ability to be assertive and diplomatic
  • Basic Knowledge and experience with the following: Scripting (e.g. Perl, Python, VBA, Javascript, etc.) and Windows Office Suite
  • Previous work or classroom experience in one of the following: information systems, systems audit, business process or information systems security
  • Aptitude for learning on the fly and interest in information systems security concepts and techniques
  • Knowledge of SharePoint administration a plus
40

Information Risk Management Resume Examples & Samples

  • People Management Responsibilities (provided in conjunction with the Governance & Framework Director)
  • Manages a small team of information risk management metric, analytics, reporting, and issue management subject matter experts
  • Specifically | provides oversight and direction for
  • Developing, maintaining, and reporting information risk metrics and key risk indicators across all information risk domains
  • Defining, developing, executing, and maintaining processes to develop and continuously enhance enterprise-level information risk management metrics and associated dashboards
  • Developing and implementing processes to analyze and aggregate information on enterprise wide information risks and the technology requirements for automation
  • Reviewing and challenging information risk metrics and reports produced by the front line units
  • Aggregating information risk data from various front line units; analyzing data to set enterprise-level risk thresholds and limits to be followed by front line units
  • Analyzing and reporting aggregate risk information to senior management; determining critical information risk themes and escalating to senior management to drive risk reduction
  • Leveraging enterprise standards to define the criteria, tools, and methodologies for managing information risk issues
  • Standardizing and implementing information risk issue management processes across various first line units
  • Tracking critical information risk issues including control deficiencies, policy exceptions, and other self identified issues; tracking front line unit corrective actions across the enterprise
  • Leveraging Governance, Risk & Control technologies to establish and maintain an enterprise-wide risk issues library for information risk management
  • Serves as a point of contact for the escalation of issues when information risk issue related metric thresholds are breached
  • Escalates critical information risk themes to senior management to drive risk reduction
  • Acts as an advisor to front line units in the design and implementation of risk metrics and key risk indicators
  • 1 or more security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
  • 10 + years of related experience
  • Proven knowledge of information risk management metrics and reporting process / methodologies and tools; information risk management analytics and reporting; information risk issue management criteria, tools, and methods
41

Information Risk Management Resume Examples & Samples

  • Leads the rollout of the IRM program expansion across (in scope) entities
  • Drives the socialization, adoption, consistent and appropriate implementation, and ongoing maintenance of the IRM framework, polices, standards, methods, etc. across the entities
  • Facilitates appropriate and effective communication and collaboration between IRM and the entities
  • Ensures IRM and the entities' roles and responsibilities, timelines, and requirements are clear
  • Front Line Unit |BAU Oversight – Provides guidance and direction to Front Line Unit | BAU Director to ensure
  • Appropriate and effective operational communication between IRM and the first lines of defense in order to assist senior information risk-type officers to consistently and appropriately implement IRM policies and standards, conduct assessments and testing and training/awareness, and risk governance and reporting
  • Appropriate review and challenge of information risk management activities within the business and business unit support organizations
  • Point of contact when risk tolerance limits are breached within the business and business unit support organizations
  • Regular communications between IRM and the business and business unit support organizations to drive awareness/understanding/collaboration of risks, issues, threats, programs, initiatives across the two lines of defense
  • If situation arises, coordinates incident investigation with the senior information risk-type officers
  • Stakeholder management; interacts with each entities' senior information risk-type officers to support them in aligning and complying to the IRM framework and second line of defense requirements
  • Serves as a point of escalation contact between IRM and the entities
  • Education: Bachelor's degree required
  • Knowledge of IRM frameworks, policies, tools, and mitigation practices is preferred but not required
  • Understanding of control and risk management concepts is required; knowledge of the operational aspects of the information risk business is preferred
  • Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL) is preferred
  • Knowledge of current industry trends in information risk management is preferred
  • Able to be a leader, a valued partner, and subject matter expert on Information Risk Management frameworks, policies, tools, and mitigation practices
42

VP, Information Risk Management Resume Examples & Samples

  • The Vice President of Information Risk is responsible for leading and managing the Information Risk Management Program. Reporting to the SVP of Operational Risk, the incumbent shall employ sufficient measures to comprehensively identify, assess, mitigate, manage, monitor and report information security risk and protect the information assets of the institution. The VP shall work with business functions, corporate areas and clients and partners to implement and maintain practices in line with SC defined policies and standards for information risk and security, reflective of corporate, regulatory and industry best practices
  • Develop and maintain the SC Information Risk Management Policy
  • Oversee the creation, management, and development of information security standards, procedures, and guidelines in line with the Information Risk Management Policy
  • Establish and maintain procedures to ensure information is protected in compliance with information risk management standards and applicable laws
  • Oversee the execution of information risk assessments
  • Provide input into the corporate information and technology risk strategy and tactical execution thereof
  • Collaborate with stakeholders (e. g. , IT, Legal, Audit, HR, and Risk Management) to help develop a consistent process for identifying, developing, and implementing controls to address information security risks
  • Escalate policy exceptions and risk tolerance breaches in a timely manner
  • Manage the implementation of an Information Risk Management Program and related risk analytical activities for SC that is consistent with applicable regulatory requirements
  • Execute information risk assessments and implement risk assessment framework for 1st line of defense
  • Continue to build capabilities (technical and soft skills) in IRM to support the Operational Risk Management Framework
  • Direct the development and execution of 2nd line of defense project plans for SC
  • Report and monitor conformance and delivery against program objectives, making adjustments and recommendations, where justified
  • Oversee the development of key risk indicators, key performance indicators and risk tolerances
  • Monitor risk acceptances, risk tolerance breaches and significant control gaps. Escalate pertinent findings in a timely manner
  • When appropriate, develop programs to meet regulatory standards and monitor and report conformance and delivery against project plans, making adjustments and recommendations, where justified
  • Facilitate the completion of effective regulatory examinations and audit reviews of information risks, when required
  • Communicate updates and ensure leadership and management behaviors support the many change initiatives
  • Collaborate with peers and support direct reports in exercising opportunities to credibly challenge risk assessments and mitigation plans
  • Build and maintain high-performance teams within the risk organization with the capabilities for risk identification, assessment, measurement, mitigation, aggregation and reporting
  • Performs other duties and special projects as assigned
  • May assist in other related departments as required by business needs
43

Information Risk Management Analyst Resume Examples & Samples

  • Working in partnership with the AIRM and border IT teams to define risk reporting requirements
  • Define and deliver monthly reporting, including but not limited to security metrics, KRI/KPIs and executive summaries
  • Design and implement analytical techniques and processes aimed at proactively measuring information security risks and control issues
  • Collect, aggregate, and analyze data to evaluate process improvement opportunities and facilitate decision-making
  • Develop and support team’s SharePoint, MF Connect and other collaboration tools
  • Support IRM programs and coordinate risk remediation when required
  • University Degree (Computer Science, IT/IS, business or related fields)
  • 2 years of experience in information risk or security management, working in Big 4 or global consulting companies would be highly desired
  • Sound Knowledge of visualization and report automation BI tools such as QlikView
  • Proficient with MS Office Suite (Word, Excel and PowerPoint)
  • Strong focus on service, quality, and delivery with flexibility to multi-task order to meet deadlines
  • Ability to develop creative solutions to meet deadlines
  • Excellent time management and organizational skills with attention to detail
  • Positive attitude and self-motivated with ability to learn quickly, adjust to changes and think outside the box
  • Good verbal/written and inter-personal skills
  • Process, results oriented, proactive, self-motivated and work independently
  • Quick leaner and able to work in a matric organization
  • Proven ability to multi-task, manage and work on tasks concurrently
  • Team player and cross training team members
  • Good interpersonal communication, management and presentation skills
  • Proficient in English, spoken and written
  • Security Certifications: CISM, CISSP and/or CISA (preferred but not a must)
44

Information Risk Management Resume Examples & Samples

  • 5 + years related experience
  • Proven knowledge of IT project delivery lifecycles (e.g. Waterfall, Agile)
  • Understanding of technology infrastructure components, software development best practices and technology management processes
  • Able to be a leader across the organization, a valued partner, and subject matter expert on information risk management and IT project delivery
45

Director, Asia Information Risk Management Resume Examples & Samples

  • Acts as the champion for the divisions within the global and domiciled information risk programs in Asia to ensure that information is secured and protected in accordance with global IRM policies, standards and procedures. Also assist business partners in meeting local regulatory and compliance needs
  • Sets strategy, goals, and targets for the Information Risk Management team in Asia and assist the divisional information risk officer (DIRO) in implementing the divisional framework to measure and report on the achievement of IRM goals
  • Contributes and shapes divisional and global IRM projects and initiatives. Ensures division- and business-specific requirements and needs are accommodated whenever possible and practical in initiatives, projects and services
  • Supports business partners in establishing business continuity and disaster recovery priorities and requirements, and the management of business continuity executions. Supports IT partners in establishing disaster recovery requirements, and the management of disaster recovery tests and executions
  • Provides assistance to the Project Management Office and divisional IT leadership for risk management deliverables embedded in key processes, such as the system development life cycle (SDLC) process, the application management process and the change management process. Provide assistance and aid in developing key projects and division-wide initiatives like GO (the Investment Division’s transformation program)
  • Supports IT and business partners in the maintenance and execution of key controls required for audits and various risk and compliance purposes
  • Works closely with Global IRM and Asia Division IRM as well as the problem management, legal and compliance teams for incident management
  • Completes risk assessments, risk exceptions/acceptances as required for divisional clients
  • Additional duties as assigned
46

Information Risk Management Resume Examples & Samples

  • Maintain/update Risk, Threats, and Scenarios Library
  • Bachelor’s Degree or equivalent work experience required
  • 3-5 years of related experience, Risk/Threat Management experience is a plus
  • Able to be a subject matter expert on information risk scenarios and aggregation
  • Proven knowledge of information risk scenarios and analysis and identification of critical information risk themes
  • Knowledge and ability to leverage industry information sources to define information risk scenarios in line with industry trends and latest cyber threats
  • Knowledge of current industry trends in information risk management and threat analysis
  • Knowledge of Threat Modeling, Attack/Fault Tolerance Trees a plus
47

NIS Information Risk Management Manager Resume Examples & Samples

  • Supporting the strategic vision for information security management within the PwC global Network of member firms and contributing to the development of new security management domain expertise on an ongoing basis
  • Evaluating security requirements in one or more contexts, such as audit, vulnerability scanning, contract review, industry standards, and organizational policy and standards review
  • Working comfortably with all levels of leadership
  • Communicating and promoting the use Network security policies and standards
  • Comprehending the value of Network policies and standards, as well as business requirements, and the ability to recognize potential conflicts and arrive at successful outcomes collaborative
48

Information Risk Management Resume Examples & Samples

  • Focusing on Front Line Unit (FLU) compliance with second line policies/standards and the risk governance framework (RGF) defined by the second line of defense
  • Creating definition of FLU implementation plans to facilitate ongoing compliance and monitoring definition of FLU technical standards/operating procedures based on policies
  • Observing corrective action plans and remediation activities across the first line of defense and tracking execution of corrective action plans by FLUs to remediate control gaps
  • Sharing instances of non-compliance with the associated policy or standard owner and first line Information Technology Governance Committee (ITGC) for temporary approval
  • Purveying material FLU risk exposures and associated threats with the second line of defense for tracking and monitoring in the enterprise-wide risk and threat library
  • Communicating the status of FLU control gap remediation and coordinating with the second line of defense for independent review and challenge of FLU IRM activities
  • Synchronizing with the second line of defense and FLUs to define the required incident response playbooks
  • Requires a Bachelor’s Degree or equivalent experience, and a Master’s Degree in Business, Administration, Technology or related field is highly preferred
  • Deep understanding and experience working within the “Three Lines of Defense” model
  • Experience in conducting and designing risk assessments for technology
  • Knowledge of financial services industry and its regulations/laws
  • Understanding of control and risk management concepts and knowledge of operational aspects of the information risk business
  • Knowledge of risk management policies, methods, standards, processes and industry standard risk analysis
  • Significant experience designing, evaluating, and/or testing processes
  • Highly skilled at drawing and evaluating “specific function” processes, highlighting risk and controls
49

Information Risk Management Resume Examples & Samples

  • Overseeing completion of FLU risk mitigation plans to ensure they are consistent with enterprise-wide risk appetite, policies and standards
  • Consolidating first line information risk, threat and control libraries created by FLUs and identifying and analyzing material information risk exposures and emerging threats
  • Working closely with the First Line IRM Executive to develop information risk reports for the Board and Executive Committee for the Americas (ECA) on behalf of the CIOO
  • Performing sample based independent testing of FLU risk controls and relaying the results of such testing to the First Line IRM Executive and CIOO
50

Information Risk Management Resume Examples & Samples

  • Demonstrates a solid understanding of diverse IRM stakeholder needs and motivations and how to use IRM communications to strengthen the 3 Lines of Defense
  • Assists in the development of all content for enterprise-wide mandatory IRM training
  • Develops internal IRM staff training and front-line unit training
  • Supports a major multi-year project with communications, awareness, and training materials
  • 5+ years related experience
51

Information Risk Management Expert Resume Examples & Samples

  • Support the Corporate Head of IRM and BCM (CIRM) of ING Bank with research, fact finding, collecting evidence and documenting activities
  • Contribute to the development and maintenance of CIRM Strategy, Framework, Policies, Minimum Standards, Procedures, Methods and Techniques
  • Perform parts of the functional oversight of the global IRM community by means of QA reviews as part of our functional steering role
  • Be a trusted IRM advisor towards 1st LoD management and 1st LoD and 2nd LoD NFR risk specialists
  • Identify external / internal developments, initiatives and threats. Translate these pro-actively in IRM Vision, Mission and Strategy of ING Bank
  • Participate in, challenge and periodically report upon the risks of key strategic (IT/BCM) programs and projects
  • Participate and challenge in risk assessments on specific Operational Risk or Information Risk projects and programs, taking direction over junior ORM, BCM and IRM colleagues
  • Create and publish strategic and ad-hoc risk analyses, risk papers and risk reports with fact finding, research and documenting activities
  • Contribute to the identification of the impact of and the coordination of responses to law and regulatory changes, ECB reports, etc. and monitors the follow-up of the regulatory issue solving
  • Develop and maintain training modules, and train the IRM community
  • Experience as IRM Expert with at approx. 10 years in risk areas that are relevant for Information (Technology) and Business Continuity Risk Management
  • Track record as IRM, IT audit and/or IT (Security) expert
  • Good knowledge of Banking business, processes, procedures and systems
  • Collaboration skills and ability to work across both functional and geographical lines
  • Ability to earn trust and respect of clients, colleagues and senior management
  • Ability to be firm when needed and show flexibility when possible
  • Excellent analytical skills and sound judgment
  • University Degree or equivalent
  • Professional education and multiple international certifications for Information (Technology) and Business Continuity Risk Management (e.g. RE, ISC2, ISACA accreditations)
  • Fluent in English (written and spoken)
52

Director, Information Risk Management Resume Examples & Samples

  • Provides technical, administrative, and operational leadership to assigned project or tasks
  • At this level, the position is typically responsible for managing multiple tasks or a single large project and supervising up to 10 employees. Technical difficulty/complexity of assigned tasks/projects may also affect level selection
  • Assists with the development and implementation of a long-range strategic plan for the information security risk management function in support of the company’s information risk management program
  • Assists with establishing and implementing an information security program with effective policies, architectures, standards and guidelines. Oversees ongoing compliance
  • Develops and implements a standardized continuous risk assessment and compliance verification process. Monitors, measures, and reports information risk exposure to senior management
  • Interfaces with Facilities Services, Corporate Counsel, Compliance, and Human Resources concerning issues related to information risk to ensure compliance with established policies
  • Consults with senior IT and business leaders regarding their information risks and responsibility in minimizing those risks
  • Works with IT Project Management Office to establish information security standards and risk management procedures
  • Participates on technical advisory committees that evaluate new technology resources for program compliance
  • Remains current on technical changes and new technologies. Identifies and recommends opportunities for improving the company’s information risk management program
  • Recruits, develops, and motivates staff. Provides work direction and guidance including coaching, professional development and training. Initiates and communicates a variety of personnel actions including, employment, termination, performance reviews, salary reviews, and disciplinary actions
  • Bachelor’s Degree business or technical; or equivalent work experience
  • Ten or more years of experience with Information Risk or Information Security disciplines
  • At least eight to ten years of Management experience
  • Excellent critical thinking and analysis skills
  • Certified Information System Manager (CISM), Certified Information System Auditor (CISA), and/or Certified Information Systems Security Professional (CISSP) preferred
  • Demonstrated understanding and application of project management concepts
  • Knowledge of health care business and care delivery processes preferred
  • CISO certification preferred
53

Senior Manager, Information Risk Management Resume Examples & Samples

  • Developing and implementing the strategic vision for information security management within the PwC global Network of member firms and contributing to the development of new security management domain expertise on an ongoing basis
  • Understanding of IT security fundamentals across multiple domains, including (but not limited to) security management, security architecture, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics; and,
  • Evaluating security requirements in multiple contexts, such as audit, vulnerability scanning, contract review, industry standards, and organizational policy and standards review
  • Managing strategic and tactical security policy and standards libraries based on those frameworks
  • Developing and managing structured risk identification, assessment, and treatment programs for large organizations
  • Managing internal assessment programs, coordinating response to internal and external assessment programs
  • Translating technical IT security concepts into business terms
  • Managing key ISMS components: information asset inventory, risk assessment, security policy and standards development, internal assessment, and report to management
  • Understanding existing and upcoming legislative and regulatory requirements by working closely with Network risk management and security organizations, as well as safeguarding that they are incorporated in the ISMS
  • Communicating, tracking and reporting audit and assessment findings and corrective action plans
54

Manager, Information Risk Management Resume Examples & Samples

  • Understanding of IT security or information protection fundamentals across one or more security, legal, privacy, or data regulatory domains, including (but not limited to) security management, security architecture, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics; and,
  • Maintenance of security policy and standards libraries
  • Contributing expertise across multiple key ISMS components: information asset inventory, risk assessment, security policy and standards development, internal assessment, and report to management
  • Addressing risk utilizing standardized and consistent methodology
  • Assisting in responding to client inquiries regarding PwC security posture, including requests to audit, site visits, and independent audits; and,