The main function of an IT Risk Manager is to manage IT risk through identification, evaluation, integration and documentation of risks and controls, risk analysis and research, risk program coordination, or consultation on risk mitigation plans.
Participates in the identification, evaluation, and documentation of IT business risks and controls.
May lead IT risk and control assessments for assigned business processes.
Seeks guidance from team members to resolve issues and to identify appropriate issues for escalation.
Gathers information and performs basic risk analysis and process research.
Provides support for the IT risk analysis/process dashboard reporting requirements.
Acquires and applies foundational knowledge of the business, its products and processes.
Bachelor’s degree in Management Information Systems, Computer Information Sciences, mathematics, statistics, finance or economics
5-7 years' experience
Basic knowledge of risk management principles
Ability to view problems in an analytical manner
Understanding of probability and IT risk modeling techniques
Basic knowledge of Microsoft Office tools, including Word, Excel, and PowerPoint.
Working knowledge of data analysis tools.
Manage and monitor the organization’s information security risks. Ensure that security risks are known, evaluated for significance, appropriately communicated, and effectively addressed through the application of appropriate controls and processes. Manages the security risk register and champions the timely resolution of security risks.
Essential Responsibilities/Experience: Assess, investigate, triage, prioritize, track, verify, and promote the timely resolution of information security risks, including third party risks. Operate, maintain, and enhance the organization’s GRC infrastructure (Rsam). Apply appropriate tools and techniques to assess and monitor applications and systems for security vulnerabilities. Correlate and analyze data such as vulnerability and threat service feeds, security tool output, and configuration management system data to identify and evaluate potential infosec risks.
Certifications: CRISC and CTPRP are desirable.
Other Considerations: Experience with the Rsam GRC platform is a plus. Strong collaboration and consensus building skills expected. Technical expertise in one or more IT domains (e.g. software development, DB administration, server operations, network engineering, etc.) is desirable.