Information Risk Management Job Description
Information Risk Management Duties & Responsibilities
To write an effective information risk management job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk management job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Risk Management Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk Management
List any licenses or certifications required by the position: CISA, CISSP, CISM, CRISC, ISO, MCSA, GSEC, CCNP, CCENT, CCNA
Education for Information Risk Management
Typically a job would require a certain level of education.
Employers hiring for the information risk management job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's and University Degree in Computer Science, Business, Information Technology, Engineering, Education, Information Security, Information Systems, Technology, Finance, Management
Skills for Information Risk Management
Desired skills for information risk management include:
Desired experience for information risk management includes:
Information Risk Management Examples
Information Risk Management Job Description
- Works with Corporate Communication, Human Resources, Legal, and other stakeholders to implement appropriate and compliant processes to support and educate the business
- Determine, recommend, negotiate and manage necessary changes to policies and procedures
- Research and development of reporting and analytic tools with particular focus on implementation of Tableau
- Provides advice and guidance on information risk matters involving legal or regulatory matters
- Conducts 2nd line risk assessments and control testing for applications
- Conducts 2nd line cyber risk assessments and control testing for applications
- Controls budgets
- Serve as a point of contact for escalation of issues when information risk issue related metric thresholds are breached
- Conducts active, ongoing outreach to stakeholders
- Develops effective, targeted IRM messaging, rolls it out consistently across appropriate channels
- Broad technical knowledge across Identity & Access Management (IAM) is required
- Understanding of basic technology platforms
- Strong demonstrated ability to work in a self-directed manner
- Ability to translate strategy into actions and to identify and resolve challenges
- Can work well in a large, complex, matrix organization
- Related risk or audit professional designations (or in the process of) would be considered an asset
Information Risk Management Job Description
- Assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks
- Lead the Wholesale Banking Information Technology Risk Management team
- Perform targeted information security assessments of high risk applications (both internal and vendor supported), helping to ensure high risk areas have adequate and effective mitigating controls
- Lead Wholesale Banking efforts to comply with enterprise Data Governance policies, including the identification of data structures in scope of the policy, process mapping, control identification and authorized data source certification, if applicable
- Ensure business line compliance with Data Loss Prevention controls and related activities
- Implement the enterprise Model and Tool Risk policies in the business line
- Oversee business line compliance with identity and access management policies
- Manage, review and approve business line exceptions to security and technology policies and closely monitor remediation of identified gaps
- Proactively identify and inform Wholesale Banking management of emerging technology and cybersecurity risks that may impact the business line or its customers
- Develop, implement, and support an ongoing repeatable information security education & awareness program in multiple languages
- Strong PC skills (MS Office products), broader knowledge of systems and reporting solutions
- In-depth understanding of Information Security policies/practices
- Understanding of the finance industry
- Highly developed strategic planning, including business requirements, project planning, and organizing and negotiating the allocation of resources to deliver on unit priorities
- Strategic thinker with strong problem management skills
- Is able to conduct and direct research into Information Risk and Information Technology Risk issues
Information Risk Management Job Description
- Set architectural design standards for all Security products such as Identity and Access Management, SIMS, forensic tools and other Security tools
- Contributes to business performance by providing strategic consulting on people strategies, organization development and other Human Resources specific or business initiatives for a defined business or operational area
- Analyzing and reporting aggregate risk information to senior management
- Tracking critical information risk issues including control deficiencies, policy exceptions, and other self-identified issues
- Assist in the analysis of content related assets and workflows
- Assist in the evaluation of third party vendors and services
- Assist in determining data accuracy
- Manage forecasting and analysis of Loss Provision and Credit Reserves for the US Card Portfolio
- Provide visibility into current risk assessment status through timely tracking, trending, and escalation of issues
- Manage and follow up on action plans to continually reduce overall information security risk
- Ability to develop security strategies that are practical and align with the organization’s business strategies
- Demonstrated experience of preparing, presenting and justifying business rationale for investments in new technology
- Excellent organizational and interpersonal skills, problem solving, negotiation, and follow-up skills
- Proven knowledge of risk, threat and control library development and maintenance
- Knowledge of business management practices and methodologies is required
- We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business
Information Risk Management Job Description
- Research and document best practices and standards for using Database tools and Big Data solutions
- Develop security policies and procedures, standards, and baselines
- Conduct research and development into new security methods and tools
- Providing quarterly analysis to GA management and the product aligned teams to inform them on evolution of key developments and conducting periodic reviews of adequate reflection of these risks in the Business aligned Risk Assessment Profiles
- Ongoing business monitoring with key IRRM and business teams keeping abreast of pertinent industry, regulatory and business practices including through industry networks
- Supporting the ORM and IRRM Principal Audit Manager in designing the coverage approach for the specific in-scope components of IRRM globally including clarity of minimum testing to be conducted in business led reviews
- Coordinating with Business aligned teams regional Risk and Financial reporting PAMs is required to drive a comprehensive coverage of key risk in the audit plan
- Responsible for recommending plan adjustments based on identification of emerging risks through ongoing risk monitoring
- Delivering Risk led reviews contribution in business aligned reviews for area of responsibility as per the coverage model
- Acting as GA’s relationship manager and primary point of contact for areas of responsibility, maintaining excellent and responsive working relationships with management, wider Group Audit team, regulators and external auditors
- Proven knowledge of policy creation and maintenance
- A successful candidate will have experience with developing and updating Certification and Accreditation documentation and system authorization artifacts under the Risk Management Framework (CNSSI 1253/NIST 800-53, ) or previous C&A frameworks such as DIACAP/NIACAP
- Solid knowledge of project / program management tools, techniques and systems development methodologies, including expert use of Microsoft Project
- University degree (Computer Science or related discipline preferred)
- Expertise in best practices of various aspects of information risk management
- Knowledge of the regulatory environments in Canada, Asia and the US
Information Risk Management Job Description
- Participate in enterprise-wide policy creation, assessment, and protection of data, security-related infrastructure, applications, and processes as they pertain to the evaluation of third parties providing services to US Bancorp
- Documents complex business and system processes and procedures through the use of industry standard process flow and flow charting techniques
- Conducts independent assessments and reviews based on the nature of the project (e.g., complexity, criticality)
- Supports business partners in establishing business continuity and disaster recovery priorities and requirements, and the management of business continuity executions
- Works closely with Global IRM and Asia Division IRM, the problem management, legal and compliance teams for incident management
- Oversee and manage the operationalization of Vendor Information Risk, Data Leakage Prevention and Clear Desk programs in the region
- May conduct independent information risk assessments and reviews of third-parties and technology projects
- Assess and communicate Information and Technology risks associated with all material purchases or projects of the company
- Escalate, Report, Communicate to Executive and Risk Committees
- Perform Information and Technology risk assessments and serve as an internal monitor for technology risk issues and responsible to enforce compliance
- Articulate Risk and Control goals and objectives in an advisory capacity that engages the stakeholders to act, develop and implement risk mitigation plans
- Strong analytical and reporting skills with good attention to detail
- Bachelor’s or Master’s degree in Information Systems, Computer Science, Finance or other related field
- Ability to effectively communicate and present information security issues to technical and nontechnical audiences
- Knowledgeable in the ISO 27001/27002 framework, NIST Cyber Security risk frameworks
- Experience with the banking/financial services industry including regulatory environment and risk management practices