Information Risk Manager Resume Samples


The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the information risk manager job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits each job you apply for

Luciano Halvorson
730 Beer Trail
Boston, MA
Phone: +1 (555) 460 6772
Experience
Information Risk Manager
Kuvalis Group
Los Angeles, CA
  • Assist with various Asset Management Information Risk Management program initiatives working closely with the Leads of respective programs
  • Provide input on business controls across Barclaycard to management information, monthly reports, steering committee packs and updates for senior management
  • Collaboration, creation, implementation and management of critical information management controls to ensure on-going management of identified risks
  • Contribute to the development of Barclays Group IRM policy, by providing a view on potential improvements for services and enhanced risk mitigation
  • Execute global and regional risk management initiatives from corporate Information Technology Risk & Security Management (ITRSM)
  • Manage certain centralised IRM control functions and processes such as LAM, DLP, Records Management, or Information Movement
  • The job holder will drive the improvements and strategic direction of the control programs for Barclaycard Information Risk Management
Cib-information Risk Manager
Bruen-Davis
Chicago, IL
  • Coordinate all relevant IT Risk activities (e.g., regulatory inspections and assessments, control testing, monitoring, reporting and remediation activities)
  • Lead/Oversee formal scoping meeting to ensure Third Parties are properly onboarded
  • Assist Delivery Managers in navigating the Third Party Oversight Program
  • Manage and monitor the IT Risk posture for the business, providing management with transparency over what these risks are and how they can be addressed
  • Provide timely reporting and escalation of issues to TPRM and TPMO Leads
  • Complete post review activities including documentation and quality assurance reviews
  • Act as a subject matter expert in relation to IT Risk, Control and Security
Senior Information Risk Manager Asia
Wunsch, Rosenbaum and Beier
Los Angeles, CA
present
  • Influencing Groupwide Strategy relating to the Information Risk Management Policies, Standards and Controls
  • Supporting the implementation of consistent, effective and efficient controls for Information risk management across the company
  • Working closely with Business Units to provide IRM control standard subject matter expertise whilst driving consistency and efficiency
  • Strategy - Influencing Groupwide Strategy relating to the Information Risk Management Standards and Controls
  • Innovation - Identifying, designing and delivering consistent toolsets, solutions and processes to support the mitigation of Information Risk, and managing the related program budgets
  • Provision of IRM SME advice, training and guidance to key stakeholders
  • Provision of subject matter expertise (SME) on Singapore regulatory mandates relating to information risk management
Education
Bachelor’s Degree in Repute
The Ohio State University
Skills
  • Detail oriented and able to produce high quality work product
  • Strong written and oral communication skills and the ability to interact with senior management. Mature and good people skills are a prerequisite
  • Strong knowledge of Windows and Unix OS
  • Technology literate, including strong knowledge of Excel and reporting tools
  • Strong diversity skills able to communicate effectively with people from different cultural backgrounds
  • Demonstrable track record of strong team work and delivery, within and across departmental teams
  • Strong knowledge of networks and databases including MS SQL and Oracle
  • Strong leadership skills, resilience, able to influence senior management when dealing with complex and competing objectives
  • Strong and successful matrix management experience
  • Excellent judgment and proven decision making skills

15 Information Risk Manager resume templates

1

Cib-information Risk Manager Resume Examples & Samples

  • Assist Delivery Managers in navigating the Third Party Oversight Program
  • Lead/Oversee formal scoping meeting to ensure Third Parties are properly onboarded
  • Lead and/or participate in the Third Party Risk Management Review process including the development and review of assessment material, scope, onsite planning, onsite review execution
  • Review and document field work materials to ensure they are complete and meet JPMC expectations
  • Develop LOB knowledge in order to render risk opinions on issues identified by third party assessors
  • Accurately articulate technical and operational risk concerns to key stakeholders
  • Lead and/or participate in findings meetings with Delivery Managers and other key stakeholders to initiate and subsequently drive remediation efforts related to assessments
  • Complete post review activities including documentation and quality assurance reviews
  • Provide timely reporting and escalation of issues to TPRM and TPMO Leads
  • Bachelors Degree in a Technical discipline or 7 years equivalent experience required
  • At least 5 years experience in Operations, Third Party Management, IT Risk Management and/or Audit, or a similar control related function
  • IT Risk Management/Audit industry certification (such as CISSP, CISA, CRISC, etc.) a plus
  • The ability to articulate a clear understanding of Third Party Risk and/or Vendor Management best practices
  • A detailed understanding of IT Control Policies
  • Spanish speaker preferred
  • Strong Risk and analytical skills
  • Business Analysis - Advanced
  • Change Management - Proficient
  • Corporate IT Audit Process - Advanced
  • IT Risk Management - Advanced
  • Operations Systems and Data Sources Knowledge - Advanced
  • Performance Metrics & Reporting - Proficient
  • Product Life Cycle Management/Implementation - Proficient
  • Technical Problem Resolution - Advanced
  • Vendor Management - Proficient
  • Communication - Advanced
  • Contract Management - Proficient
  • Decision Making - Advanced
  • Industry Acumen - Proficient
  • Initiative/Risk Taking - Advanced
  • Interpersonal Skills - Advanced
  • Leadership - Advanced
  • Negotiation Skills - Advanced
  • Problem Management - Advanced
  • Program Management - Advanced
  • Quality Process Leadership - Proficient
  • Results Delivery - Advanced
  • Teamwork - Advanced
2

Am Information Risk Manager VP Ny Resume Examples & Samples

  • Planning, communicating, executing infrastructure and application self-assessments for AMIAS
  • Provide input and support in representing AM in cross-LOB forums for addressing and responding to IT Risk issues
  • Execute vulnerability management program, including management of ESM, Anti-Virus, and Patch deployment process across all servers and databases
  • Partner with GTI and IT Audit colleagues to address risk issues within the AM organization
3

Am-information Risk Manager VP-ny / OH Resume Examples & Samples

  • Project planning & execution background
  • Familiarity with technology and demand management practices
  • Access Management experience (desired, not required)
  • Leadership through influencing
  • Effective communication skills to 1-3 levels higher in the organization
  • Effective, timely problem resolution or escalation
  • Project Management certification not required
  • Data Analysis – Excel, Cognos, SQL
  • SharePoint knowledge & experience
4

Information Risk Manager Resume Examples & Samples

  • Provide oversight and consultation on potential issues that arise within Enterprise Access Administration, Engineering functions and tools, control self assessment, and regulatory guidance, as necessary
  • Ensure operational and engineering practices are in compliance with relevant risk standards, policies and regulations to maintain an effective control environment
  • Interface with various internal groups including Operations, Compliance, Risk Managers, Line of Business contacts, audit and Legal as necessary
  • Partner with regional/global lead to develop, implement, and execute various processes to monitor regulatory related controls to ensure that they are being effectively executed
  • Experience with operational risk analysis, process improvement, end-to-end process reviews, process flow mapping, procedure documentation, and development of metrics and reporting. Experience performing deep dive reviews to identify process and control gaps. Controls awareness experience is a must
  • Minimum 2-4 years experience in regulatory compliance, operational risk, audit or risk management
  • Minimum 2-4 years experience in access administration, security administration, or similar field
  • Experience working with Global I&AM tools and processes
  • Knowledge of Phoenix application and control self assessment (CSA) is preferred
  • Strong presentation skills to any level of management
  • Ability to work across LOBs and regions, balancing the needs of multiple organizations
  • Demonstrated ability to work independently on projects and produce required results in a timely fashion
5

Information Risk Manager Resume Examples & Samples

  • Assist and provide consultation to drive program issue resolution and/or escalation as necessary
  • Streamline communication mechanisms and processes to Senior Executives, Line of Business & Corporate Technology teams on Cybersecurity Program governance and routine Cybersecurity status
  • Continuous program governance improvement
  • Mentor team members
  • Financial management oversight
  • 7 plus years of overall IT related experience
  • Prior management experience required
  • Experience working in geographically distributed and culturally diverse organizations with strong team leadership and organizational skills
  • Strong interpersonal skills to build strong, collaborative, cohesive relationships
  • Ability to prioritize and thrive in a fast-paced, changing environment
  • A proven ability to get results and create action within a strong controls environment
  • Knowledge of Cybersecurity Attacks, Threats and Tactics, system and application security threats and vulnerabilities a plus
  • Degree level education or higher required
6

Information Risk Manager Resume Examples & Samples

  • Collaborate with Information Risk Managers across lines of business to aggregate technical risks and findings in assets and systems to provide a holistic view of technology risk across a country location
  • Assess the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation
  • Monitoring and analysis of country technology key risk indicators
  • Proactively identify potential risks based on changes to business models, technology models, and external trends
  • Develop executive level reporting and communications to support risk-informed business decisions
  • Understand and can consult on information security standards and industry best practices
  • Identify and maintain variances in policies and standards for addressing country specific regulatory requirements
  • Review proposed IT Risk Policies and Standards for conformance and input of country requirements
  • Reinforce Information Risk Policies and Standards, and provide risk management support to businesses running in country
  • Act as a coordination point for responses to any RFIs, audits or inspections
  • Monitor and report implementation of key initiatives to local country management and regional teams
  • Facilitate and assist with firm-wide technology control assurance in country locations
  • Interact with other relevant firm-wide control bodies (IT Governance, Audit, Operational Risk, Legal/Compliance, Resiliency Risk Management)
  • Promote and improve awareness of security threats, laws and regulations, policies and standards
  • 8 years of IT experience, the majority of which should be in an IT Risk or Security role, preferably in the financial services sector
  • Broad based knowledge of IT Risk, Security and disaster recovery/business continuity, with appropriate qualifications or certifications (CISM, CISA, CISSP or equivalent)
  • Significant analytical and critical thinking skills
  • Demonstrated technical abilities in multiple areas (e.g., technology infrastructure platforms or networks, application development, data protection, etc.)
  • Ability to manage multiple projects concurrently, work under pressure, and meet tight time commitments
  • Strong process orientation and understanding of operations and technology enabling candidate to provide support in the analysis, development and monitoring of controls
  • Ability to build and maintain collaborative working relationships with Information Technology and Business to design and assist in the execution of appropriate controls design and monitoring
  • Proven ability to develop and maintain senior level stakeholder relationships
  • Strong Program/Project Management and influencing skills
7

Cib-cio-information Risk Manager Resume Examples & Samples

  • Application Security – maintain the use of static code and dynamic application analysis tools within the SDLC to assist with identifying and preventing issues early on in the development lifecycle; Create, maintain, and present metrics that measure the effectiveness of the application risk management efforts over time; perform research as necessary on reported issues and emerging risks to identify best-practice solutions
  • Application Assessments – jointly facilitate Application Security Assessment process and reporting for applications and underlying infrastructure – risk classification, application control assessments, Third Party Reviews, etc; work closely with Application Development Managers, Operate, and Infrastructure teams to identify gaps in IT/risk controls, design new controls, and develop and track Action and Remediation Plans
  • Engagement - Align with the firm’s IT Risk and Security Management organization to remain aware of control initiatives taking place outside of our Line of Business; make recommendations for our engagement as needed
  • Audit - Work closely with Internal and External Auditors during planning and fieldwork to understand and help drive review scope, processes, and documentation requests; ensure that identified issues are framed accurately with resulting action plans that are focused on the issue, with clear ownership and deliverables, and realistic timelines for resolution
  • Access Administration – Jointly review Access Administration and Recertification procedures and develop plan for the design, deployment and administration of Role-Based Access Control (RBAC)
  • Minimum 5 years of work experience as an Information Risk Manager, IT Auditor, or Information Security Officer with the ability to understand and interpret the impact of policy and procedural changes, as well as identify and convey potential problem areas
  • Minimum 3 years of work experience in Application Security, including hands-on experience with software security testing and common testing tools like Appscan, WebInspect, Fortify, etc
  • Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Certified Secure Software Lifecycle Professional (CSSLP) preferred
  • Work experience as an Application Developer, Infrastructure Manager, Systems Administrator, or Database Administrator will be an advantage
  • Detail-oriented and able to quickly understand a complex suite of applications spread over a diverse infrastructure (Unix, LDAP, Sybase, and Oracle)
  • Ability to partner with colleagues and develop positive working relationships to create an open environment for sharing risk identification and resolution practices. Must be able to work with diverse personality styles
  • Able to work independently as well as manage project teams by providing oversight and directly influencing change
  • Strong analytical skills and ability to perform data analysis
  • Excellent listening, written and verbal/presentation skills all required
  • Flexible and able to adapt to workflow variations, directional changes, and overlapping roles and responsibilities
  • Working knowledge of MS Office Applications, MS Project, and Visio
  • Familiarity of internal Operational Risk Management system (Phoenix) is desirable
  • Strong time management and planning skills
8

Information Risk Manager Resume Examples & Samples

  • Build business requirements documents needed to enhance the system to meet the needs of its end users and owner
  • Fully vet all requirements for the tool with necessary stakeholders and clearly set expectations for what the tool is capable of
  • At least 5-10 years of experience in the following fields: information risk management, information security management, operational risk, IT control environments
  • Experience authoring business requirements document and other general SDLC knowledge
  • Excellent expertise in MS Office Suite, particularly in PowerPoint, Excel, and Visio
  • Business Intelligence Reporting Tools Knowledge – in particular Cognos
  • Knowledge of COBIT and ITIL standards desired
9

Corp-information Risk Manager, Based Resume Examples & Samples

  • The incumbent must be able to partner across the technology and business teams to maximize the quality, integration and effectiveness of the risk management coverage. This requires a very proactive, open and communicative approach through all aspects of planning and execution
  • Such partnership is also expected in dealing with the other LOB risk managers as we share common goals of providing a well-controlled operating environment to maximize value to our shareholders
  • Act as the primary contact for JPMC with local regulators, for all IT Risk aspects, and coordinate all responses to any requests, audits or inspections
  • Drive the IT Risk and Security Agenda for Argentina; provide sponsorship for global initiatives and regular updates to Argentina COO and Technology management
  • Participate in selective Firm-wide and industry-wide forums and working groups to ensure linkage between the location and any external or internal requirements
  • Participate in global IT Risk and Security Management activities, and lead specific activities as required
  • Monitor LOB exceptions to IT Risk Policies & Standards
  • Reinforce Information Risk Policies and Standards, and provide risk management support to businesses running in Argentina
  • Maintain and track Argentina risk posture
  • Provide expertise in current industry trends in information risk and security standards and best practices
  • Coordinate with the Global Security and Investigations team during crisis
  • Strong related business experience, including experience in IT Risk Management and/or Technology Audit functions
  • Project management skills to execute risk related projects effectively and the ability to resolve conflicts
  • Subject matter expert on technology risk management, with knowledge of industry best practices
  • A proven track record of risk analysis and implementing successful risk management solutions
  • One of the following preferred CISSP / CISM / CISA
  • Excellent negotiation and influencing skills
10

Information Risk Manager Resume Examples & Samples

  • Execute global and regional risk management initiatives of CCB across India and Philippines
  • Promote implementation of information risk processes and procedures
  • Track and report on the infrastructure risk compliance to the IT control policy, processes and procedures
  • Provide advice and expertise on risk posture of the business by delivering timely and independent feedback to senior management
  • Evaluate and determine the adequacy of internal controls and track any remediation of issues identified
  • Execute and monitor Project compliance to IT Risk Management Policies & Procedures
  • Assist Business Managers in meeting control requirements and regulatory standards
  • Execute global and regional risk management initiatives from corporate Information Technology Risk & Security Management (ITRSM)
  • Conduct compliance/control reviews, as appropriate
  • Maintain control/compliance training programs and seek to ensure that all employees are educated on all security control and regulatory requirements that affect their business
  • Promote and facilitate control and compliance initiatives, such as risk councils, systems security efforts, third party reviews, due diligence initiatives, corporate committees focusing on major security undertakings
  • Manage relationships with internal/external auditors including the firm's regulators
  • Promote teamwork, quality, professionalism and respect by treating everyone as a valued customer
  • A bachelor's degree and approximately 12-15 years of related work experience
  • Minimum 7 years experience in Technology Risk Management or as an IT Risk adviser
  • At least one of the qualifications such as CRISC / CISA / CISSP / CISM certification
  • Strong understanding of Data Protection, Identity and Access Management, Application Security, IT Infrastructure Security, Security Operations, Security Event Management, Threat and Vulnerability Management, Cyber Security
  • Strong understanding of the Industry wide best practices, policies & procedures, techniques in the area of risk management
  • Solid understanding of internal risk and control concepts (e.g. Control Self Assessment, CSA) and analytical skills to identify weakness and root causes, and provide effective and efficient recommendations to address issues
  • Subject matter expert on technology risk management
  • A good understanding of IT in Banking and Financial organization is a plus
  • Technical background and working experience in managing IT risk and information security in large enterprises
  • Strong people management skills. Should have managed teams in previous roles
  • Strong written and oral communication skills and the ability to interact with senior management. Mature and good people skills are a prerequisite
  • Sound presentation skills including the ability to communicate risk posture clearly and concisely
  • The ability to work effectively under pressure, tight schedules, and flexible hours
  • Excellent judgment and proven decision making skills
  • High level of energy, and can work under pressure with minimal supervision
11

Information Risk Manager Resume Examples & Samples

  • Execute day-to-day LAM team control activities and tasks, with the appropriate level of control, ensuring minimal findings from internal and external audit
  • To provide LAM control MI and related risk reporting to IRM management and business stakeholders
  • To oversee Management Self Assessments (MSAs) and perform conformance testing of LAM controls to assess risk posture for Barclaycard
  • Work with various levels of management to develop solutions that are acceptable to balance risk and reward in regards to the protection of Barclaycard data
  • Provide subject matter expertise to business stakeholders for Access Management control design and operation including support for onboarding new applications into the LAM control programme
  • Collaboration, creation, implementation and management of critical information management controls to ensure on-going management of identified risks
  • Act as point of reference for Access Management related queries from Barclaycard business units
  • 60%
  • Execute Access Recertifications, assuring timely access removals and changes in accordance with Information Security standards and the Global LAM operating model
  • Operate Grey List Management control, assuring SLAs are achieved for remediation of unmatched accounts
  • Operate Segregation of Duties (SOD) breach management control, assuring SLAs are achieved for remediation or risk acceptance by the business
  • Perform Conformance Testing to validate operational effectiveness of LAM controls
  • Oversee and assure timely business review of application security schemas
  • Support IRM LAM leads with application onboarding and decommissioning into the LAM program and toolset
  • Support Business Change, assessing impact to LAM controls and facilitating changes in the tools, security schema and role book documentation
12

Information Risk Manager Resume Examples & Samples

  • The job holder will drive the improvements and strategic direction of the control programs for Barclaycard Information Risk Management
  • Define, implement and support Barclaycard wide governance and testing strategy for compliance with Corporate level standards and policies
  • Strong knowledge and understanding of Group and Cluster policies and standards to enable best practice and consistency across Barclaycard
  • Identify and assess key information risks and issues across Barclaycard organisations and establish measures and metrics, such as the lack of adequate protection (encryption, authorization, authentication) of data moved external to Barclaycard
  • Develop, publish, and socialize specific positions around existing and emerging Information Risk topics to colleagues and senior management. Be able to defend these positions to the targeted audience
  • Manage and deliver strategic direction and initiatives including organisation-wide conformance programs, industry changes, and business driven change
  • Provide subject matter advice and guidance into all areas of risk and control across information risk management
  • Provide support and guidance for the consolidation, monitoring and challenge of Barclaycard risks and controls
  • Manage certain centralised IRM control functions and processes such as LAM, DLP, Records Management, or Information Movement
  • Integrate into a maturing Global Information Risk Management organization to provide scale and efficiencies for Barclaycard
  • Work with senior managers and Executives to identify and set risk appetite and gain sponsorship to governance approaches including preparing reports on risks and controls for communications to this audience
  • Perform detailed current state assessment of risk posture and emerging threats impacting Barclaycard
  • Define governance and assurance processes to ensure the successful management of information risk management including definition of measure and metric, assessments, conformance and preparation of MI
  • Provide input on business controls across Barclaycard to management information, monthly reports, steering committee packs and updates for senior management
  • Provision of principal risk support, particularly during the quarterly attestation process, to drive compliance with Principal Risk policy and requirements of Barclaycard G&CC
  • Design and implementation of key information management frameworks and processes across Barclaycard
  • Plan and run risk-based programmes and projects including development of processes, procedures, automation and standards across the Barclays matrix environment
  • Act as point of reference for governance & control related queries from Barclaycard business units
  • Provide technical advice, guidance and support on information management operations and governance
  • Develop written, clear, defensible positions regarding Information Risk Management topics
  • Presenting IRM positions and strategic direction to peers and Barclaycard Management
  • Co-operate with Corporate and business projects with a dependency on IRM governance & controls
  • Developing roadmap and strategic direction on core IRM topics and threats
  • Line management, team development and leadership of specific IRM function or responsibility
  • Operation of allocated centralised IRM controls and supervision of team effectiveness and efficiency in operating these controls
  • Understand the appropriate Policies & Standards applicable to the role through reading the Code of Conduct and other training allocated. Where responsible for risks and controls ensure that these are appropriate and fit for purpose
  • Ability to interact and engage with senior colleagues across Group Risk, Internal Audit, Technology and Business Operations globally
  • Ability to solve complex problems
  • Leadership experience in a complex, matrixed organization
  • Ability to multi-task and eliminate obstacles
  • Extensive experience in a risk and control oriented role, e.g.
  • Internal/external audit
  • Operational risk
  • Risk reporting
  • Logical access management
  • Business continuity/contingency
  • Other risk oriented function
  • Proven experience using formal risk and control assessment methodology
  • Strong understanding of information risk management topics and disciplines
  • Proven experience of senior stakeholder management in a matrix environment
  • Proven experience of successful project delivery on a minimum of 2 projects
  • Strong planning and organisation skills
  • Demonstrable experience in undertaking formal compliance measurement activities
  • Proven experience in the definition, design, documentation and implementing of operational process including proficient use of process mapping tools e.g. Visio
  • Data analysis skills desirable
  • Strong financial business acumen, Credit Card experience preferred
  • Financial Regulation knowledge: FSA, GLBA, Privacy Laws
  • International experience and/or experience of working successfully in different cultures in a sensitive manner in order to create strong relationships with senior leadership
13

Country Information Risk Manager Resume Examples & Samples

  • 19th August, 2014
  • Lead Information Security Governance, Information Risk Management and ISO 27001 implementation for Barclays Uganda
  • Champions the cause of Information Risk/Security, including Data Privacy, Records Management, Physical Security, Disaster Recovery Planning (IT System), Logical Access Management, Projects, Security awareness etc
  • Promote Barclays as a secure organisation to do business with, embedding Information Risk Management in to the local culture
  • Develop plans, goals, objectives, and other project management aids for the implementation and maintenance of best practices and frameworks such as ISO 27001 and COBIT across country sites
  • Champions the cause of Information Risk Management in country by implementation of Barclays IRM framework, policies, standards, guidelines, procedures and resulting controls to include Education & Awareness, Information Classification and Handling, Records Management, Data Quality and Logical Access Management
  • Ensure implementation of key controls for Data Privacy, Social Media and Physical Security
  • Liaise with the Group Key Risk Owner (GKRO) and Business Unit Key Risk Owner (BUKRO) to ensure implementation of key policies and decisions
  • Ensure controls implementation in tune with cost-benefit analysis and risk appetite
  • Plan and implement an effective IRM Risk Assurance Framework (comprising Management Self-Assessment, Conformance Testing, RCSA Testing, Conformance Review and IRM Calendar of activities)
  • Perform an evidence-based Conformance Testing programme in line with the Risk Assurance framework
  • Ensure local risk assessments are performed to assess all processes and systems, clearly identifying risks/issues and the controls required to mitigate those risks/issues
  • Lead the local IRM team to implement an effective Logical Access Management framework to manage the risk of unauthorised access to Barclays information (Joiners, Movers and Leavers; Access Directory; Applications; Databases; Servers; Network devices etc.)
  • Ensure Logical Access Management for all operations processes is documented, implemented, maintained and periodically reviewed as per Group IRM standards and SOX requirements. Access permissions must be developed to support Segregation of Duties
  • Ensure ISO 27001 is implemented for all country sites and processes
  • Responsible for ensuring that specific Information Security controls and solutions are applied and comply with the Group Technology / Group Information Security Policies, and consequently meet the business's requirements and safeguard Barclays' reputation
  • Monitor compliance of policies and standards and drive the closure of gaps
  • Drive IT Security for IT infrastructure & projects
  • Develop plans, goals, objectives, and other project management aids for the implementation of ISO 27001
  • Champion the cause of DRP (Disaster Recovery Planning). Ensure DRP is tested as per schedule
  • Ensure Key Indicators are established for governance of IT Security and released to leadership
  • Drive team to work with Server/ Desktop/ Network SMEs to implement key IT controls
  • Analyse various data sources (RCA, Risk Events, BIA audits, SOX, ISO 27001 etc.) to identify pervasive control weaknesses and areas of control deficiency
  • Support and govern the process by which identified control issues of organisation (country) level significance are escalated to Controls Committee and management
  • Provide expertise to support management in documenting the control issues and defining relevant and robust remediation strategies to mitigate and close significant control issues. Tracking approved deviations from organisations policies and seeking dispensations
  • Embed Information Security standards & guidelines in line with Barclays Bank policies
  • Maintain Detailed Risk and Control self Assessment for the function
  • Policy Management: To provide appropriate governance over the management of policies related to Group requirements and RBB Principal Risks
  • Monitoring and reviewing adherence to the policies/ standards/ procedures related to Country IT Risk/ Information security
  • To lead and motivate staff, both direct, indirect reports, peer groups and at both senior and junior levels. Identifying individual and team development needs, providing coaching and recommending and/or arranging training
  • Be self-driven
  • Conduct formal performance and development reviews for direct reports
  • Bachelor’s Degree in Information Security or equivalent relevant degree of repute (NQF level no 7.)
  • 9 years (Technical/Managerial) experience in IT
  • Preferred: CISSP/CISA/ CISM/CRISC
  • Strong track record in information risk management and its constituent disciplines, including relevant industry standards e.g. ISO27001, ISO17799, COBIT, SOX 404
  • Well versed in IT control frameworks / ISO 27001 implementation experience
  • Good technical skills on Information Technology and Disaster recovery
  • Knowledge and understanding of the implications, to Barclays, of the laws and regulations associated with Information Risk
14

Information Risk Manager Resume Examples & Samples

  • Develops strategies to meet Corporate IT Control policy requirements, and/or defines new policies to satisfy changing business requirements
  • Assesses, plans and/or architects control initiatives aligned to mitigate specific Line of Business (LOB) or firm-wide IT risk
  • Audits or consults on information risk management practices to various constituents within a LOB or across the firm, as well as externally, including regulatory bodies
  • Responsible for managing, coaching and mentoring less experienced team members
  • Act as primary liaison to the CIO, Global Technology Infrastructure
  • Drive action within the line of business ensuring the risk and control agenda is met
  • 15+ years of experience in Information Technology
  • 7+ years experience in Information Risk Management
  • Basic knowledge of process frameworks
  • Advanced in several IT Control practices and Project Management
  • Experienced in working across a LOB or an enterprise
  • Proficient Vendor Management experience
  • Security Certifications i.e. CISSP, CISA
  • General technical knowledge of Datacenter activities, operating systems, and control related infrastructure software (e.g. used for job scheduling, change management or information security, etc)
  • Lead small teams / business critical projects
  • Strong interpersonal and communication skills
15

Information Risk Manager Resume Examples & Samples

  • Well versed in all areas of application, network, and system security
  • Desire to drive change and deliver creative solutions
  • Strong analytical mind and approach to problem solving
  • IT Risk & Security related professional certifications: CISSP, CEH, SANS, CIPP/US
  • Master of Science degree or related experience in Computer Science, Computer Engineering, Voice/Data Networking, Information Assurance or related fields
  • 10-15 years progressive experience including first-hand technical experience or front-line management in multiple disciplines (i.e. System Administration, DBA, Incident Management, Network Engineering, IT Security Monitoring & Incident Response, IT Forensic investigations, etc.)
16

Information Risk Manager Resume Examples & Samples

  • Support the strategy (aligning to Barclays Group requirements) for LAM / EUC for One Africa
  • Be the subject matter expert and support the One Africa Cluster and its Business units on all aspects of LAM / EUC
  • Be knowledgeable on all IRM domains and provide guidance to the front office on implementation of the Policy and Standards
  • Own the LAM / EUC aspects of the Group IRM Policies and Standards
  • Develop the detailed frameworks to support the implementation of LAM / EUC. Support the implementation of the necessary toolsets to enable implementation of these frameworks
  • Update, maintain and validate risk events
  • Input to RCA’s and Risk Appetite created by IRM Governance, Risk and Reporting function
  • Define generic material for awareness and training as well as specific training material to cater for specific in-Cluster needs
  • Support the Conformance and Validation team as IRM LAM / EUC subject matter expert
  • Challenge and review any DWB from the One Africa Cluster and its Business units and assess DWB cluster requirements
  • Contribute to the development of Barclays Group IRM policy, by providing a view on potential improvements for services and enhanced risk mitigation
  • Support any related Group Level LAM projects
  • Create and maintain a central communication portal for LAM / EUC and ensure knowledge content is fully up to date
  • Define LAM / EUC requirements to be considered in projects and SDLC
  • Act in a consultative capacity to provide input to front office teams in terms of remediation plans for RCAs, Key Indicators, Risk Events, Audit Findings and CSAs as and when required
  • Obtain a thorough understanding of Business LAM / EUC challenges in business and assist Front Office teams to define control measures aligned to IRM policy
  • Review incidents and audit findings related to LAM / EUC to understand current issues experienced in business
  • Develop and maintain good relationships with IT Security, IT Risk, and Data Privacy, Legal and Group Sourcing
  • Good understanding of Business strategies and initiatives which impact on LAM / EUC
  • Outputs to deliver this accountability: Support and ensure a high performing team by embedding LAM / EUC principles and informal coaching
  • Encourage frequent knowledge sharing between team members
  • Stay abreast with knowledge and skills relevant to the level and area of work, as well as actively seek to attain those required for the next level of work
  • Continuously enhance corporate expertise by analysing its drivers, key indicators, relationships and trends
  • Report LAM / EUC control deficiencies to Executive Management and actions required to effectively manage RM risks. This should include reporting on control issues, SOX control requirements, Internal and External audit observations
  • Ensure the timely completion of operational reporting, submitting in accordance with Africa/Barclays Group requirements
  • Plan, monitor and report back on progress of the LAM / EUC initiatives and escalate unresolved issues to the relevant IRM stakeholders and governance committees
  • Perform all other duties as reasonably assigned
  • NQF 6 or Degree or National Diploma or Equivalent
  • Degree in information, compliance, risk and/or IT Security
  • Accredited LAM / EUC courses
  • 5 years in Financial Services or related industry
  • 4 years experience, preferably in LAM / EUC / IT Security and Risk management related role
  • Experience fulfilling a consulting role
  • Proven relationship with executive management and communication skills
  • Extensive Microsoft office skills (Word, Excel, PowerPoint, etc.)
  • Reasonable understanding of the principles, practices, and techniques related to Information Risk Management
  • A good understanding of the issues faced with outsourcing to external vendors and experience of conducting vendor assessments
  • Knowledge and understanding of the implications, to Barclays, of the laws and regulations associated with Information Risk
  • Knowledge of wider aspects of control, operations and processes
  • Detailed understanding of the Risk assessment processes
17

Information Risk Manager Resume Examples & Samples

  • Governance and oversight of vulnerability management activities to develop solutions to address control gaps
  • Execute vulnerability management program, including deployment and management of ESM, Anti-Virus, and Patch management across CCB servers, databases and workstations
  • Drive remediation compliance of breaks across CCB and vulnerability assessments
  • Produces vulnerability, configuration, and coverage metrics & reporting to demonstrate assessment coverage and remediation effectiveness
  • Works to identify and resolve false positive findings
  • Maintains an awareness of existing and proposed security standards, industry best practices, legislation and regulations pertaining to information security
  • Prevents/anticipates problems and focus on continuous improvement of manual and automated processes
  • Creates and updates documentation related to Vulnerability Management processes
  • 7+ years of technical work experience within Information Technology, experience performing vulnerability assessments is a plus
  • 3+ years of team management experience
  • Solid understanding of technology, operations, and business processes
  • Experience in and aptitude for presenting and influencing
  • Demonstrated ability to execute projects from end-to-end with consistent attention to detail
  • Experience using vulnerability assessment tools is a plus
  • Information Security and control certifications are a plus - CISSP, CISA, CEH, SANS-GIAC
18

Cib-information Risk Manager Resume Examples & Samples

  • Experience presenting risk and control agenda to management
  • Experience working in a large global matrix organization
  • Ability and energy to design and drive change
  • At least 10 years' experience in technology or IT risk management, preferably for a financial institution, and/or a strong background in IT Risk Advisory
19

Information Risk Manager Resume Examples & Samples

  • Significant experience in an Information Risk background
  • Thorough understanding of the information risk issues that are relevant to our business and financial services more widely
  • Experience of working within information security, including infrastructure security architectures and configurations, application/database security, encryption mechanisms, logical data/information storage techniques and mobile technologies
  • Strong leadership skills, resilience, able to influence senior management when dealing with complex and competing objectives
  • Evidence of innovative thinking that challenges the status quo to improve control, efficiency, understanding
  • Demonstrable track record of strong team work and delivery, within and across departmental teams
  • Strong and successful matrix management experience
  • Strong analytical and project management skills
  • Strong academic background, educated to degree level or equivalent
  • Information risk / operational risk, especially in relation to:
  • Logical Access Management
  • Information Classification
  • Data Leakage Prevention
  • Business knowledge
  • Coordination and communication
  • Functional Analysis – Business
  • Security Management
  • Control
20

Information Risk Manager Resume Examples & Samples

  • Experience of establishing and driving controls assurance and remediation programs in a large corporate setting
  • Proven track record of assessing control environments and delivering improvements and changes driven by legal and regulatory requirements
  • Sound understanding of threats, risks, impacts and associated mitigations in complex technology environments
  • Experience of interacting in any capacity, with Internal/ External auditors and participation in different stages of the audit life cycle
  • Exposure to technology operations
  • Experience and understanding of IT, balanced scorecards and management dashboards linked to KPIs and corresponding metrics for KRIs
  • Experience of controls assurance practices covering both business and technical controls
  • Knowledge of relevant policies and standards and industry best practices
  • Awareness of various IT Governance and Control frameworks such as COSO, COBiT
  • 3 plus years Governance and Control experience within a technology organization
  • Previous experience of managing Middle and Senior Management relationships
  • Knowledge of Payment/Card Services industry focusing on international compliance requirements
  • Degree qualified (or equivalent) and/or High Performance track record throughout career
  • Relevant professional certifications in Audit or Risk Management or IT Security
  • Awareness of 3rd party related Controls Assurance frameworks such as SOC/ SSAE
  • Knowledge of Retail banking operations and the financial services industry and the regulatory and legal requirements governing IT in developed and developing markets
  • Proven track record of managing or participating in the risk management life cycle activities: risk identification, assessment, remediation, reporting and governance
  • Excellent verbal and written communication capabilities with the ability to interact with and influence a range of senior stakeholders across the organization
  • Ability to support and deliver through others, whether direct reports, virtual teams or 3rd parties, working as part of a distributed global team
21

Am Information Risk Manager VP Resume Examples & Samples

  • Identification and analysis of IT processes
  • Identification and documentation of key risks (inherent and residual)
  • Control identification and test procedure creation
  • Identification of gaps and providing guidance on solutions
  • Oversight of RCSA quality; tracking of delivery against targets and status reporting
  • Development and maintenance of Risk and Control Matrices
  • Risk identification, control design and testing procedure creation
  • Quality assurance reviews of RCSAs
  • 5 years IT Risk, Audit or Operational Risk experience or equivalent work experience with a strong understanding and experience with IT general controls including SOX and SSAE16
  • Strong communication skills across varying organizational levels and entities
  • Experience in managing projects helpful
  • Financial services technology audit and controls
22

Business Information Risk Manager Resume Examples & Samples

  • The planning and implementation of organization-wide strategies, policies and programs for the management of operational security risk.
  • Establish and lead the implementation of risk management strategies, processes and programs that are aligned with business strategies and objectives through education, influence, persuasion, and other appropriate mechanisms. Manage the resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Apply lessons learned to adjust strategies and programs to reduce the risk or impact of incidents.
  • Develop, execute and provision expert advice on security, information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
  • Procure and govern information risk management services and consultants.
  • Facilitate the professional development of IT practitioners, including initiation, monitoring, review and validation of individual training and development plans in line with organizational or business requirements, counseling of participants in all relevant aspects of their professional development, identification of appropriate training/development resources, liaison with external training providers and evaluation of the benefits of professional development activities.

Scope of this role
  • Has authority and responsibility for all aspects of a significant area of work, including policy formation and application.
  • Is held fully accountable for actions taken and decisions made, both by self and subordinates.
  • Influences decisions critical to organizational success.
  • Influences developments within information systems industry at highest levels.
  • Advances exploitation of information systems within one or more organizations and/or the advancement of knowledge.
  • Develops long-term strategic relationships with customers and industry leaders.
  • Leads the formulation and application of strategy.
  • Work involves application of highest level management and leadership skills.
  • Has deep understanding of security information systems industry and emerging technologies, regulatory and compliance standards and implications for the wider business environment.

Primary responsibilities
  • Plans and manages the implementation of organization-wide processes and procedures, tools and techniques for the identification, assessment and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change.
  • Negotiates agreements and implements risk management controls, in partnership with legal counsel, contracting offices, and business owners, with suppliers for the supply of IT products and services on terms that meet assurance of availability, integrity, authentication, confidentiality, and non-repudiation.
  • Protects and defends information and information systems by ensuring availability, integrity, authentication, confidentiality and non-repudiation through risk management programs and processes including consulting, compliance, inspection, communication, awareness, incident response, management processes and metrics.
  • Directs, manages, plans and administers the operational and administrative efforts associated with the information security risk governance program.
  • Contributes to the development of training and awareness, content and completion of training programs.
  • Participates in the development of information security strategy, policies and procedures which promote secure operations.
  • Ensures that appropriate action is taken to investigate and resolve incidents and problems in systems and services. Oversees the implementation of agreed remedies and preventative measures.
  • Participates in the design and modeling of security within all client RFPs, contracts, and contractor agreements.
  • Develops PDSI information risk policies, standards and guidelines within the corporate security framework. Prepares and maintains organizational strategies that address the evolving business risk and information control requirements. Works effectively with strategic organizational functions such as corporate security, human resources, legal experts, business functions and technical operations to provide authoritative advice and guidance on the requirements for controls.
  • Provides organizational leadership and maintains the appropriate level of subject matter expertise in the area of information risk management within the organization.
  • Builds a business case to support enhancement of identification, assessment and management of enterprise and application risk. Develops and tracks accurate spending forecasts and the rationale behind them. Captures and reports actual spending on functions, including hardware, software, services and personnel. Analyzes the request for services and negotiates the delivery of products and services at an optimized price point.
  • Advises on risk management policies, and assists with the creation and publication of strategies for managing risk to the continuing effective operation of the business.
  • Plans and manages the implementation of PDSI organization-wide processes and procedures, tools and techniques across multiple information risk areas, for the identification, assessment, and management of risk inherent in application development/platform delivery, operation of business processes and of potential risks arising from planned IT-enabled change.
  • Identifies and categorizes strategic and operational risks.
  • Identifies and advises on emerging risk areas. Sets the course of action for the evaluation and mitigation of identified risks (including probability/frequency of occurrence, impact, and severity). Educates and influences key stakeholders to implement the course of action.
  • Determines and drives an appropriate course of action, including contingency planning, and countermeasures.
  • Guides, encourages, leads, and develops junior colleagues, in the disciplines of Risk Management.
  • Assesses legal and best practice issues, and promotes awareness of national and international laws, including those relating to availability, integrity, confidentiality, privacy, etc.
  • Determines appropriate and practical performance measures, to ensure that information assurance priorities set by the business can be effectively monitored.
  • In the context of Business Continuity, assesses protection, detection, and reaction capabilities, to determine whether they are sufficient to support restoration of information systems in a secure manner.
  • Guides, encourages, leads, and develops junior colleagues, in the disciplines of Information Assurance.
  • Manages assessment of threats to confidentiality, integrity, availability, accountability and relevant compliance. Takes ownership of security control reviews, business risk assessments, and reviews that follow significant breaches of security controls or IT service disruptions.
  • Leads the development and promotion of the technical specialism. Initiates and authorizes release of quality standards and policies relating to the technical specialism.
  • Maintains the team's subject matter expertise and knowledge of the technical specialism at the most detailed and comprehensive level. Takes an active part in appropriate professional organizations.
  • Leads organization-wide programs and risk management specialists within Xerox-PDSI. Articulates best practice in the technical specialism and articulates how to apply it to the Xerox business and technical environments.
  • Takes full responsibility for leading risk management programs and improvements.
  • Guides, encourages, leads, and develops junior colleagues, in the disciplines of Information Risk and technical specialism.

Education
  • Extensive experience in Cyber Security, Information Technology or relevant business area.
  • Has a clear understanding of the concepts and practice of life-long learning and continuing professional development.
  • Possesses good technical knowledge of the work carried out by assigned participants and is able to coach them.
  • Has a good understanding of the application of objective measurement and assessment techniques.
  • Demonstrates leadership qualities and is capable of managing a team of people.
  • Full range of strategic management and leadership skills.
  • Understands, explains and presents complex technical ideas to both technical and non-technical audiences at all levels up to the highest in a persuasive and convincing manner.
  • Is able to understand and communicate the potential impact of emerging technologies on organizations and individuals and can analyze and communicate the risks of using or not using such technologies.
  • Takes initiative to keep both own and subordinates' skills up to date and to maintain awareness of and, in own area(s) of expertise.
  • Demonstrates above average communication skills with an aptitude for dealing with users, colleagues and suppliers.
  • Has a broad knowledge and understanding of security related IT concepts and architectures, coupled with practical knowledge of problem management and the principles and processes of implementing and delivering IT services.
  • Shows aptitude for analyzing and managing problems arising from incidents and risks in the operation of information systems.
  • Has general awareness of the nature of business-critical incidents, and of their implications for the business.
  • Has an understanding of the organization's financial processes and participates as necessary to establish, maintain, and track budgets as it relates to the implementation of information security programs, disaster recovery programs, information privacy programs, and/or IT control programs.
  • Is accomplished at creating investment strategy contracts, financial requirements and is accomplished at persuading senior management to invest in supporting programs.
  • Has a good understanding of third party management and negotiating skills.

Additional role requirements (basic understanding of the following)
  • Access Control Systems and Methodology
  • Telecommunications and Network Security
  • Business Continuity Planning and Disaster Recovery Planning
  • Security Management Practices
  • Security Architecture and Models
  • Law, Investigation, and Ethics
  • Application and Systems Development Security
  • Cryptography
  • Computer Operations Security
  • Physical Security
  • CISM, CISSP, Related certifications or equivalent experience required
  • Internal contracting / sourcing practices
  • Relevant industry standards awareness / governmental regulations awareness
  • Finance / business understanding
  • U.S. and international privacy laws
  • Information management practices as it relates to privacy
  • Privacy implications of emerging technologies
  • HIPAA, COPPA, GLBA, APEC principles
  • OECD guidelines
  • EU Directive and Safe Harbor
  • Employee records management
  • Workplace monitoring
  • Incident handling
  • PII
  • Web forms and cookie files
  • Spyware
  • Spam
  • Certifications desired: CIPP or other related certification.

Xerox is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, sex, marital status, sexual orientation, physical or mental disability, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply or compete for employment with Xerox may request such accommodation(s) by sending an e-mail to accommodations@xerox.com. Be sure to include your name, the job you are interested in, and the accommodation you are seeking.
23

Cib-information Risk Manager VP Buenos Aires Resume Examples & Samples

  • Support the implementation of an effective risk management program, execution and monitoring of technology risk and control processes as required, fostering the maturity of activities designed to actively support the information risk portfolio and risk awareness process across CIB LATAM
  • Interpret and assist the interpretation of corporate and industry control guidelines and policies and support the communication of these clearly alongside current status, and guide constituents to ensure compliance in a pragmatic fashion
  • Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
  • Support the documentation process of information risk control issues/gaps as well as the remediation plans, investigating and resolving control incidents
  • Support the building of a culture and climate focused on the pro-active awareness of, and continuous improvement in, the technology risk environment, utilizing existing training materials and developing bespoke content where applicable
  • Support all dashboards preparation/consolidation, support in various meeting minutes and gather information with key relevant stakeholders for building presentations for senior management and other levels
  • Support the assessment of the Information Security risks of all information assets through risk assessments and risk review
  • Support risk management activities within the Operations function, in collaboration with regional and global partners
  • Support the processes to ensure effective access management and recertification of secure access for CIB LATAM applications and databases, partnering regionally and globally as required
  • Knowledge of IT processes is desirable (ITIL or Cobit Foundation)
  • Information Security, Controls and/or IT risk previous background
  • Ability to multi-task
  • Resourceful, "hands on", and able to take the initiative
  • Strong partnership skills
  • Good written and verbal presentation skills in native Portuguese and English
  • Fluent English Language
  • 8+ years' experience in technology or risk management, preferably for a financial institution, and/or a strong background in IT Risk Advisor
  • Solid understanding of key technologies and software development lifecycle
  • Industry qualification e.g. CISA, CRISC, CISSP, CGEIT is desirable
  • University Graduate
  • Excellent oral and written presentation skills
24

Information Risk Manager Resume Examples & Samples

  • Increasing the understanding of information risks within the business by explaining these in plain/business terms and helping them to ensure that these are kept within their risk appetite by recommending mitigating action
  • Provide risk opinion and guidance to the business
  • Manage and maintain close oversight on all risk related incidents with a view to provide assurance that risks and impacts have been handled effectively
  • Building and deepening relationships with key stakeholders at all levels, from global to regional
  • Representing the risk team on key Risk Management Committees
  • Building processes to ensure compliance with all internal and external regulations
25

Information Risk Manager Resume Examples & Samples

  • Provide support for S. Asia TCO
  • Attend regional and sub-regional technology and control forums
  • Perform analysis on new and changed regulations to identify technology impact
  • Partner with LOB TCOs and functional control owners to address regulatory control implementation and remediation
  • Create and maintain location risk profiles
  • Provide input to the risk registry, IT regulatory schedule and team initiatives
  • Establish and maintain program of oversight for technology change documentation
  • Participate in regulatory inspections and RFIs to coordinate and review responses
  • Contribute to regional and global reporting as needed, and other tasks as assigned
  • Several years of experience in Technology Risk Management or Technology Audit working for a financial institution
  • Strong understanding of control frameworks and industry standards including COBIT, ISO 27001, NIST and ITIL
  • Applied experience in technology control assurance and control issue remediation
  • Strong understanding of IT GCCs and Application controls and best practice
  • Strong understanding of regional IT regulation as well as OCC and SOX 404 requirements
  • Strong knowledge of Windows and Unix OS
  • Strong knowledge of networks and databases including MS SQL and Oracle
  • Good command of MS Office skills especially Microsoft Access and Microsoft Excel
  • Strong presentation, communication and stakeholder management skills
  • Develops and maintains effective working relationships with the stakeholders and the various control or extended control functions
  • Client focused and service orientated. Proactively engages with stakeholders and maintains effective working relationships
  • Ability to handle difficult discussions and present complex technical issues to non-technical audiences
  • Demonstrates and fosters teamwork. Ability to work as part of a team and to make positive contributions
  • Strong diversity skills, able to communicate effectively with people from different cultural backgrounds
  • CRISC or CISA qualifications a plus
  • Project management experience would be preferred
  • Financial services experience combined with Big 4 experience would be preferred
  • Willingness to travel internationally and work from remote locations
26

Information Risk Manager Resume Examples & Samples

  • Provide support for Hong Kong TCO
  • Contribute to regional and global reporting as needed, and other tasks as assigned
27

Senior Manager, Information Risk Manager Resume Examples & Samples

  • A four-year college degree in Computer Science or equivalent certification is required
  • 8 - 10 years of experience in information security, preferably in the Insurance Services Sector related field
  • Cloud security certifications
  • Experience in understanding and deploying risk management frameworks
28

Information Risk Manager Resume Examples & Samples

  • Risk Posture – Working across EUS, assist in developing and maintaining the risk posture with input from lines of business. Track and monitor risk remediation or policy expectations
  • Strategic Response/Priorities - Develop/agree strategic responses to priority risks identified and promote as global priorities or drive as regional priorities
  • Stakeholder Communications - Promote and improve awareness and communication around key security threats, risk posture, ITRSM policies and the strategic initiatives
  • Minimum 3 years of work experience as an Information Risk Manager
  • Minimum of 2 years of project management experience
  • Minimum of 5 years of change management experience
  • Knowledge of internal systems (SEAL, Phoenix, ITRC, CAP)
29

Information Risk Manager Resume Examples & Samples

  • Engage with LOB IRM to ensure all requests are processed in accordance with JPMC policy and procedures
  • Review IT exception requests which are submitted by business, technology and operations users
  • Identify control breaks and vulnerabilities with application managers
  • Identify opportunities for process improvements to deliver increasing operational efficiency in the processes
  • Assist with various Asset Management Information Risk Management program initiatives working closely with the Leads of respective programs
  • Proficient technical skills, including: audit, business analysis, change management, IT Risk Management, operation systems and data sources knowledge, performance metrics and reporting, technical problem resolution, project management, and vendor management
30

Information Risk Manager Resume Examples & Samples

  • Govern and coordinate relevant IT Risk activities (e.g., Audit, Regulatory, risk assessment, control testing, monitoring, vulnerability management, risk reporting) and remediation of identified gaps and issues
  • Mature the GTI risk governance practice by defining and executing a risk strategy that is aligned with the GTI and Firm business and regulatory requirements
  • Participate in or lead programs to improve or remediate the control environment across the GTI Infrastructure Services and partner with Lines of business to improve the overall risk posture across the technology environment
  • Respond to regulatory enquiries and exams in partnership with the functional control leads
  • Implement efficient, well-defined risk procedures to provide value-add risk management capabilities, and to ensure adequate resourcing to support the overall GTI risk objectives
  • Ability to assess existing processes and create new ones that proactively manage and reduce risk for the Firm
  • Foster an environment of regulatory awareness and ensure regulatory compliance
  • Excellent organizational skills, coupled with ability to be versatile and flexible
  • Exhibit sound business judgment and the ability to work successfully with all levels of management
  • Demonstrated ability to work independently and within a team
  • Ability to drive action within the line of business ensuring the risk and control agenda is met
  • Ensure resources are leveraged cost-effectively through budgeting and planning
  • Senior management or executive level presentation material development experience
  • 7-10 years experience in technology operations or IT risk management, preferably for a financial institution and/or strong background in IT Risk Advisory
31

Information Risk Manager Resume Examples & Samples

  • 50% - IRM Governance & Assurance
  • Provide assurance of the operating effectiveness of IRM key controls in allocated functional areas and business units
  • Provision of principal risk support, particularly during the quarterly attestation process, to drive compliance with Key Risk policy
  • 25% - Project Support
  • 25% - IRM Advisory
  • Ability to interact and engage with VP and Director colleagues across Group Risk, Internal Audit, Technology and Business Operations globally
32

Information Risk Manager Resume Examples & Samples

  • Experience in Auditing, understanding of internal controls, particularly General Computer Controls (GCC)
  • Experience in managing teams of technical resources
  • Proficient in MS Office - Microsoft Word, Excel, Access and PowerPoint
  • CISA, CISSP, CISM, CRISC Certification
  • Bachelor's degree preferably in Computer Science or Information Technology
33

Merchant Services Information Risk Manager Resume Examples & Samples

  • Experience managing program and project delivery at a senior level with both direct and matrix responsibilities
  • Ability to build a strong people network within a large organization - effecting change and communicating clearly
  • Understanding goals beyond that of technology and an ability to integrate security solutions with business processes
  • 7 to 10 years of Technology, IT Risk/Security or Security Audit experience, IT Forensics, & ITIL (Incident, Problem, Change Management) methodology
  • Demonstrated ability to deliver results
  • Flexible and adaptable in response to changing demands
  • Advanced experience with Microsoft Office suite including Visio, Excel, Access, PowerPoint
  • Bachelor of Science Degree or related experience in Computer Science, Computer Engineering, Voice/Data Networking, Information Assurance or related fields
  • Preferred Skills
  • IT Risk & Security related professional certifications: QSA, ISA, CISM, CISSP, CEH, SSCP
  • Master of Science Degree or related experience in Computer Science, Computer Engineering, Voice/Data Networking, Information Assurance or related fields
  • 10-15 years progressive experience including first-hand technical experience or front-line management in multiple disciplines (i.e. System Administration, DBA, Incident Management, Network Engineering, IT Security Monitoring & Incident Response, IT Forensic investigations, etc.)
34

Information Risk Manager Resume Examples & Samples

  • Provision of subject matter expertise (SME) on matters relating to information and cyber risk management
  • Lead the provision of information risk management SME advice and guidance to key stakeholders across the Functions including multiple senior Managing Directors and Directors
  • Leading investigations, incidents and exceptions to address information risk management matters
  • As a key part of the Governance and Control management team support the implementation of an agenda of consistency, effectiveness and efficiency for Information and cyber risk management across the company
  • Understanding of the information or cyber risk issues that are relevant to our business and financial services more widely
  • Experience of working within information security, including infrastructure security architectures and configurations, application/database security, encryption mechanisms, logical data/information storage techniques, data management and mobile technologies
  • Experience of building and maintaining effective relationships at a senior level
  • Resilience, able to influence senior management when dealing with complex and competing objectives
  • Strong and successful matrix management experience would be beneficial
  • Understanding of relevant regulatory environment
  • Information or Cyber Risk background
  • Experience of working within information or cyber risk field, including systems audit or internal controls, preferably in the financial sector
  • Relevant privacy/information risk qualifications e.g. CISA, CISSP, CISM
  • Experience of COBIT, ISO27001, ISF/IRAM, DAMA and other relevant frameworks
35

Information Risk Manager Resume Examples & Samples

  • Responsible for the delivery of Information Risk Management operational responsibilities in country
  • Ensuring that the relevant Information Risk Management policies, standards and frameworks are implemented and embedded
  • Support, and where appropriate co-ordinate, Information Risk compliance and assurance activity
  • Ensure and/or facilitate proactive management of all information risk related audit action items and control issues, with a view to ensuring closure by due date
  • Implement and embed the record management process and governance structure within the Cluster or In-Country
  • Implement and embed the record management reporting processes in the cluster
  • Degree in or Higher Diploma or Equivalent
  • Previous relevant experience in Information Risk Management
  • At least 5 years management experience, preferably in a risk related role
36

Information Risk Manager Resume Examples & Samples

  • Act as the primary contact for JPMC with local regulators, for all IT Risk and Control aspects, and coordinate all responses to any requests, audits or inspections
  • Drive the IT Risk, Controls and Security Agenda for Argentina; provide sponsorship for global initiatives and regular updates to Argentina COO and Technology management
  • Participate in global IT Risk, Controls and Security Management activities, and lead specific activities as required
  • Provide IT regulatory interface and coordinate with compliance for the interpretation and implementation of IT Regulations
  • Identify and maintain variances in policies and standards for addressing Argentina specific regulatory requirements
  • Review proposed Firm-wide IT Risk Policies & Standards and provide input on Argentina requirements
  • Manage links to other relevant firm-wide bodies (IT Governance, Audit, Operational Risk, Legal/Compliance, Resiliency Risk Management)
  • Maintain relationships with key stakeholders and regulators
  • Coordinate with the Global Security and Investigations
  • Excellent written and verbal presentation skills to a wide variety of senior managers across the organization
  • Ability to select, develop and promote teamwork and leadership behaviours within the IRM function and across technology
  • Experience in financial services and/or major operations environment advantageous
  • Ability to work with personnel at all levels within JPMorgan and with external parties locally and regionally
  • Excellent communication (English and Spanish), negotiation and influencing skills
37

CIB-Information Risk Manager Resume Examples & Samples

  • Extensive Risk Management experience and knowledge within Investment Banking or other financial institution
  • Process improvement and project management experience
  • Application Risk and Control specialist (alternative - Operational Risk or Information Security experience and knowledge with highly analytical skills)
  • Deep understanding of business knowledge in markets (Equity preferred)
  • Manage the regional Equity TCO team and drive the IT Risk & Control agenda for the Equity technology
  • Develop and maintain strong business and technology relationships, become a trusted partner, as well as foster collaborative relationships with Corporate functions such as Audit, Corporate IT Risk and Global Technology Infrastructure
  • Foster a culture focused on the self-awareness and improvement of the risk environment
  • 10+ years IT experience, the majority of which should be in front office technology at an investment bank
  • 3 years experience in IT Risk and Control, or Information Security role, preferably in the financial services sector
  • A minimum of 3 years experience directly managing staff
  • Demonstrated experience working with the regulators in the region, articulate in local regulations and laws pertaining to IT Risk is preferred
  • A demonstrable track record of successfully working with poorly defined problems and driving change
  • Excellent written and oral communication skills in English
  • Extensive experience in technology or IT risk management, preferably for a financial institution and/or strong background in IT Risk Advisory
  • Industry qualification e.g. CISA, CRISC
38

Senior Information Risk Manager Asia Resume Examples & Samples

  • Influencing Groupwide Strategy relating to the Information Risk Management Policies, Standards and Controls
  • Provision of subject matter expertise (SME) on matters relating to information risk management
  • Provision of subject matter expertise (SME) on Singapore regulatory mandates relating to information risk management
  • Analyse, inform and guide business strategy to support risk mitigation across Singapore
  • Innovation - Identifying, designing and delivering consistent toolsets, solutions and processes to support the mitigation of Information Risk, and managing the related program budgets
  • Provision of IRM SME advice, training and guidance to key stakeholders
  • Present key initiatives to senior stakeholders to gain sponsorship
  • Supporting the implementation of consistent, effective and efficient controls for Information risk management across the company
  • Drive and implement activities across the Asia Pacific region to strengthen information risk for the Asia Pacific business
  • Contribute to and, if required, lead global initiatives in the Information Risk Management space
  • Drive Key Risk Assessment (KRA) reporting for the Asia Pacific region and individual countries where required
  • Significant experience in an Information Risk background, up to VP level
  • Experience of working within information risk field, including systems audit or internal controls, preferably in the financial sector
  • Thorough understanding of the information risk issues that are relevant to our business and Asia regulatory requirements and commitments
  • Must have experience of building and maintaining effective relationships at a senior level
  • Influencing and negotiating skills
  • English essential (written and spoken)
  • BS and/or professional qualification preferred
  • Excellent knowledge of MAS regulatory guidelines pertaining to technology and information security
  • Other relevant privacy/information risk qualifications e.g. CISA, CISSP, CISM
  • Experience of COBIT, ISO27001, ISF/IRAM and other relevant frameworks
39

Information Risk Manager Resume Examples & Samples

  • Business Impact Analysis
  • Cyber security
  • Data Security
  • Resilience
  • Technology Operational Risk
40

Information Risk Manager Resume Examples & Samples

  • 1) Support implementation and execution of governance routines to ensure appropriate review and timely disposition of information security vulnerability risk, in line with GTO risk governance framework
  • 2) Identify and support efforts to automate and improve remediation function to move to a proactive, efficient program based on foundation of effective risk management and risk prioritization
  • 3) Support risk issue identification and closure of milestones of identified risk issues
  • 4) Data analytics to support identification of thematic issues across remediation functions and ensure appropriate visibility with senior leaders by supporting escalation routines
  • 5) Improve/develop QA routines and controls to ensure appropriate focus on risk reduction within defined timelines
  • Risk management experience with ability to effectively apply risk principles to business situations
  • Must display strong subject matter expertise in risk management, governance and development of risk appetite
  • Executive presentation and communication skills
  • Excellent influencing and problem resolution skills
  • Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
  • Must have strong interpersonal skills and qualities which enable you to work with peers and various levels of management
  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations
  • Bachelor's and/or Master’s degree
  • Risk management and governance experience
  • Strong analytical skills/problem solving/conceptual thinking
  • Ability to work with Technical and Non Technical business owners
  • Assist with internal efficiencies projects and development
41

Information Risk Manager Resume Examples & Samples

  • Working closely with functions teams to support the definition of Risk appetite and Controls Maturity and share best practice
  • Support and embedding of a risk culture and awareness for Information Risk and Data policies across BUK
  • Maintaining independent perspective, challenging as required and setting out quantified control options and risk decision recommendations