Information Risk Management Job Description
Information risk management
provides the information risk management perspective to project teams using risk identification, information criticality and risk assessments.
Information Risk Management Duties & Responsibilities
To write an effective information risk management job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk management job description templates that you can modify and use.
Sample responsibilities for this position include:
Drives the mapping of risks, threat and controls to the list of information risk management policies / standards, regulations and industry best practice frameworks
Ensure the business compliance with the firm's IT Policies and Standards
Work on small and large projects providing detailed specialized knowledge of tools, processes and procedures relating to Information Risk
Defines processes for conducting infrastructure risk assessments and control testing
Collaborate with partners to promote an effective risk management culture by proactively identifying areas of operational risk across processes and capabilities
Review and modify existing security and compliance documents and develop document standards
Provides IT Controls and risk management consulting to the business systems, business, technical, functional and operations groups.Identifies
Establishes working relationships with technical, business and quality assurance counterparts
Officers, internal and external Audit, and Regulatory bodies to effectively manage and mitigate risk issues
Provides subject-matter expertise on applicable government regulation as related to Technology controls
Information Risk Management Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk Management
List any licenses or certifications required by the position: CISA, CISSP, CISM, CRISC, ISO, MCSA, GSEC, CCNP, CCENT, CCNA
Education for Information Risk Management
Typically a job would require a certain level of education.
Employers hiring for the information risk management job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Computer Science, Business, Information Technology, Engineering, Education, Information Security, Information Systems, Technology, Finance, Management
Skills for Information Risk Management
Desired skills for information risk management include:
Standards
Methods
Operational aspects of the information risk business
Risk management policies
Processes
Financial services industry and its regulations / laws
Current industry trends in information risk management
Governance models
Industry standard risk analysis approaches
COBIT those from NIST
Desired experience for information risk management includes:
Promotes awareness programs designed to ensure that the business management and Technology staff understand current information risks/threats and how these are to be managed
Contributes to continuous LOB process improvement through Controls oversight, risk identification and mitigation
Ensure RBCGAM has a controlled technology environment, with any gaps being well-understood and realistic action plans in place
Educate business and technology teams on importance of controls strategy and framework
Lead annual application access reviews process
Manage bi-annual application risk assessments and maintain documentation
Information Risk Management Examples
1
Information Risk Management Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information risk management. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk management
- Works with Corporate Communication, Human Resources, Legal, and other stakeholders to implement appropriate and compliant processes to support and educate the business
- Determine, recommend, negotiate and manage necessary changes to policies and procedures
- Research and development of reporting and analytic tools with particular focus on implementation of Tableau
- Provides advice and guidance on information risk matters involving legal or regulatory matters
- Conducts 2nd line risk assessments and control testing for applications
- Conducts 2nd line cyber risk assessments and control testing for applications
- Controls budgets
- Serve as a point of contact for escalation of issues when information risk issue related metric thresholds are breached
- Conducts active, ongoing outreach to stakeholders
- Develops effective, targeted IRM messaging, rolls it out consistently across appropriate channels
Qualifications for information risk management
- Broad technical knowledge across Identity &Access Management (IAM) is required
- Understanding of basic technology platforms
- Strong demonstrated ability to work in a self-directed manner
- Ability to translate strategy into actions and to identify and resolve challenges
- Can work well in large, complex, matrix organization
- Related risk or audit professional designations (or in the process of) would be considered an asset
2
Information Risk Management Job Description
Job Description Example
Our company is searching for experienced candidates for the position of information risk management. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk management
- Assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks
- Lead the Wholesale Banking Information Technology Risk Management team
- Perform targeted information security assessments of high risk applications (both internal and vendor supported), helping to ensure high risk areas have adequate and effective mitigating controls
- Lead Wholesale Banking efforts to comply with enterprise Data Governance policies, including the identification of data structures in scope of the policy, process mapping, control identification and authorized data source certification, if applicable
- Ensure business line compliance with Data Loss Prevention controls and related activities
- Implement the enterprise Model and Tool Risk policies in the business line
- Oversee business line compliance with identity and access management policies
- Manage, review and approve business line exceptions to security and technology policies and closely monitor remediation of identified gaps
- Proactively identify and inform Wholesale Banking management of emerging technology and cybersecurity risks that may impact the business line or its customers
- Develop, implement, and support an ongoing repeatable information security education & awareness program in multiple languages
Qualifications for information risk management
- Strong PC skills (MS Office products), broader knowledge of systems and reporting solutions
- In-depth understanding of Information Security policies/practices
- Understanding of the finance industry
- Highly developed strategic planning, including business requirements, project planning, and organizing and negotiating the allocation of resources to deliver on unit priorities
- Strategic thinker with strong problem management skills
- Is able to conduct and direct research into Information Risk and Information Technology Risk issues
3
Information Risk Management Job Description
Job Description Example
Our innovative and growing company is hiring for an information risk management. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for information risk management
- Set architectural design standards for all Security products such as Identity and Access Management, SIMS, forensic tools and other Security tools
- Contributes to business performance by providing strategic consulting on people strategies, organization development and other Human Resources specific or business initiatives for a defined business or operational area
- Analyzing and reporting aggregate risk information to senior management
- Tracking critical information risk issues including control deficiencies, policy exceptions, and other self identified issues
- Assist in the analysis of content related assets and workflows
- Assist in the evaluation of third party vendors and services
- Assist in determining data accuracy
- Manage forecasting and analysis of Loss Provision and Credit Reserves for the US Card Portfolio
- Provide visibility into current risk assessment status through timely tracking, trending, and escalation of issues
- Manage and follow up on action plans to continually reduce overall information security risk
Qualifications for information risk management
- Ability to develop security strategies that are practical and align with the organization’s business strategies
- Demonstrated experience of preparing, presenting and justifying business rationale for investments in new technology
- Excellent organizational and interpersonal skills problem solving, negotiation, and follow-up skills
- Proven knowledge of risk, threat and control library development and maintenance
- Knowledge of business management practices and methodologies is required
- We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business
4
Information Risk Management Job Description
Job Description Example
Our company is looking for an information risk management. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk management
- Research and document best practices and standards for using Database tools and Big Data solutions
- Develop security policies and procedures, standards, and baselines
- Conduct research and development into new security methods and tools
- Providing quarterly analysis to GA management and the product aligned teams to inform them on evolution of key developments and conducting periodic reviews of adequate reflection of these risks in the Business aligned Risk Assessment Profiles
- Ongoing business monitoring with key IRRM and business teams keeping abreast of pertinent industry, regulatory and business practices including through industry networks
- Supporting the ORM and IRRM Principal Audit Manager in designing the coverage approach for the specific in-scope components of IRRM globally including clarity of minimum testing to be conducted in business led reviews
- Coordinating with Business aligned teams regional Risk and Financial reporting PAMs is required to drive a comprehensive coverage of key risk in the audit plan
- Responsible for recommending plan adjustments based on identification of emerging risks through ongoing risk monitoring
- Delivering Risk led reviews contribution in business aligned reviews for area of responsibility as per the coverage model
- Acting as GA’s relationship manager and primary point of contact for areas of responsibility, maintaining excellent and responsive working relationships with management, wider Group Audit team, regulators and external auditors
Qualifications for information risk management
- Proven knowledge of policy creation and maintenance
- A successful candidate will have experience with developing and updating Certification and Accreditation documentation and system authorization artifacts under the Risk Management Framework (CNSSI 1253/NIST 800-53, ) or previous C&A frameworks such as DIACAP/NIACAP
- Solid knowledge of project / program management tools, techniques and systems development methodologies, including expert use of Microsoft Project
- University degree (Computer Science or related discipline preferred)
- Expertise in best practices of various aspects of information risk management
- Knowledge of the regulatory environments in Canada, Asia and the US
5
Information Risk Management Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information risk management. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information risk management
- Participate in enterprise-wide policy creation, assessment, and protection of data, security-related infrastructure, applications, and processes as they pertain to the evaluation of third parties providing services to US Bancorp
- Documents complex business and system processes and procedures through the use of industry standard process flow and flow charting techniques
- Conducts independent assessments and reviews based on the nature of the project (e.g., complexity, criticality )
- Supports business partners in establishing business continuity and disaster recovery priorities and requirements, and the management of business continuity executions
- Works closely with Global IRM and Asia Division IRM the problem management, legal and compliance teams for incident management
- Oversee and manage the operationalization of Vendor Information Risk, Data Leakage Prevention and Clear Desk programs in the region
- May conduct independent information risk assessments and reviews of third-parties and technology projects
- Assess and communicate Information and Technology risks associated with all material purchases or projects of the company
- Escalate, Report, Communicate to Executive and Risk Committees
- Perform Information and Technology risk assessments and serve as an internal monitor for technology risk issues and responsible to enforce compliance
Qualifications for information risk management
- Articulate Risk and Control goals and objectives in an advisory capacity that engages the stakeholders to act, develop and implement risk mitigation plans
- Strong analytical and reporting skills with good attention to detail
- Bachelor’s or Master’s degree in Information Systems, Computer Science, Finance or other related field
- Ability to effectively communicate and present information security issues to technical and nontechnical audiences
- Knowledgeable in the ISO 27001/27002 framework, NIST Cyber Security risk frameworks
- Experience with the banking/financial services industry including regulatory environment and risk management practices