IT Risk Job Description
IT risk
provides a variety of IT advisory services related to Certification and Accreditation, internal control, risk management, IT controls and related standards (Sarbanes-Oxley, FISCAM, FISMA, NIST, COBIT).
IT Risk Duties & Responsibilities
To write an effective IT risk job description, begin by listing detailed duties, responsibilities and expectations. We have included IT risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Ensures corporate-wide information security standards and procedures are in compliance with Federal, State and Regulatory information security and risk management policies, standards, guidelines and nationally recognized industry best practices
Provides internal consulting on information security policy, standards and Technical Security Standards for technology solutions and applications builds
Develop security guidelines and standards to be applied in Application development and enhancement activities
Provides guidance, training and assistance throughout the corporation in the use of Information Security policies and Technical Security standards, including the actions to be taken, resources required and procedures to be followed
Provides tracking and follow-up to management on IS Vendor Management efforts, assessments and exemptions (metrics, EOM, Compliance to IS standards, etc)
A good foundation in general controls, access controls and any other bonus fun stuff that will help with IT audits such as a CISA certification, understanding security or PCI will make you a great contribution to the team (data analytics experience is great and it’s a huge part of our strategy, but not required prior to Day 1)
Work closely with policy/standard owners and their working groups to oversee the writing and revision of documents as they come up for annual and bi-annual reviews
Work effectively as a team member, sharing responsibility, providing guidance and instruction to staff, maintaining communication, and updating Partner members on progress
Plan and lead meetings with target management teams
Build strong internal relationships within the firm's Advisory Services and with other services across the organization
IT Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Risk
List any licenses or certifications required by the position: CISA, CISSP, CISM, CRISC, CIA, ISO, ISACA, CPA, CCNP, MCSE
Education for IT Risk
Typically a job would require a certain level of education.
Employers hiring for the IT risk job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Business, Information Technology, Information Systems, Management, Accounting, Finance, Education, Technology, Information Security
Skills for IT Risk
Desired skills for IT risk include:
Develop recommendations for improvement based on leading practice
Evaluate findings for significance and risk
IT trends
NIST
Systems and processes
COBIT
Standards
Frameworks
PCI
ITIL
Desired experience for IT risk includes:
Good facilitation and coordination skills
Highly motivated and committed to drill down into issues with positive attitude
Able to evaluate and communicate risk issues clearly and concisely
A team player and can work independently to support colleagues
Strong analytical skills to identify weaknesses or root causes and recommend effective and efficient solutions to address issues
IT literacy – Microsoft Office, including Microsoft PowerPoint and Excel skills
IT Risk Examples
1
IT Risk Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of IT risk. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for IT risk
- Assist in managing expectations of client service delivery
- Conduct regular reviews on vulnerability management, access controls, audit controls, information systems
- Be passionate about Information Security and the role it plays in a business similar to ours
- Have a strong IT information systems background, including familiarity with financial and operational cloud based systems (such as Oracle, SalesForce, Workday, many more!) and the moxie to understand and navigate complex home-grown systems
- Be a great communicator - you can understand clearly communicate the story and big picture and are able to break down technical aspects and communicate why something is important and what the major risks might be in a way various stakeholders can understand
- Have Big 4 experience - we co-source with PWC and Deloitte, our external auditors who are very technical and we need someone who understands that world and can talk their language
- Experience auditing IT general and application controls
- 4-6+ years in an auditing and/or finance role, some of it at a large public company, preferably in the high-tech and/or telecom industry
- CPA, Chartered Financial Accountant, CISA, or an appropriate equivalent technical certification required
- Responsible for the development, communication, implementation, and execution of agreed upon processes around Risk, Audit and Legacy within the Infrastructure/Application organization
Qualifications for IT risk
- Working on JMS, WebServices, JMX
- Working with Maven and Ant build tools
- Database (SQL Server, Oracle) and fluency in writing optimal SQL queries
- Financial Risk Manager (FRM) designation
- Master Business Administration (MBA) graduate
- Proficient in writing SQL queries, Excel, MS Office
2
IT Risk Job Description
Job Description Example
Our growing company is looking to fill the role of IT risk. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for IT risk
- Establishing roles and responsibilities within the core program team
- Collaborating and coordinating with technology partners across the firm, assessing technology assets from an access controls perspective, identifying gaps and facilitating solutions
- Driving program progress and quality within program dates
- Proactively identifying issues and driving them to resolution
- Escalating as needed to executive management
- Preparing and presenting progress reports for executive management
- Identifying and executing process and strategy improvements
- Analyze and Perform development work to integrate applications with the framework
- Manage expectations, timelines and prioritize working with the Application Development Manager’s (ADM)
- Provides value input into risk reports
Qualifications for IT risk
- Technical knowledge and sound understanding in areas of IT risk management principles, internal control concepts, information security solutions, or security controls design
- Working with Spring Framework and related advanced java technologies
- Working with Hadoop, Gemfire, Spark
- Strong documentation and gap analysis skills desired / preferred, inclusive of presentation, facilitation and structured thinking
- Project Management Skills / Experience - Preferred
- IT Risk and Security Certifications (CISSP, CEH, ..) - Preferred
3
IT Risk Job Description
Job Description Example
Our company is looking to fill the role of IT risk. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for IT risk
- Support IT Risk subject matter expertise in providing independent oversight and determine root cause of IT risk issues and triage to appropriate Senior Manager, IT Risk Domain for analysis and recommendations
- Manage IT regulatory exams and client due diligence activities ensuring consistency and accuracy in materials
- Run enterprise committees supporting the implementation of the IT Risk Framework
- The new team member will be supervised and guided by a senior team member through our approach and methodology
- Manage and maintain IT Partner Management Risk and Control Matrix in line with AIBs Internal Control Framework (ICF) to support the delivery of IT Partner Management services and associated control environment
- Manage and maintain IT Partner Management Operational Risk Register
- Work with IT Partner Managers and IT Partners to identify, report and manage key risks in their areas of responsibility
- Manage the contractual Deliverables and Obligations Tracker and escalate non-compliance to the relevant IT Partners and IT Partner Oversight fora
- Review output from the IT Partner Governance fora and identify key emerging risks
- Conduct external research to identify emerging risks in the industry
Qualifications for IT risk
- A proven track record of experience from either a Big 4 practice, consulting or within the Banking secto
- SME in a relevant area of Technology
- 4 - 8 years Technology Risk / IT Audit experience
- Initially, you’ll need to understand the business, know our revenue model, know our business and underlying systems and applications and get that figured out quickly
- Working knowledge of methods used to perform risk analysis, risk assessments, control assessments, vulnerability assessments and audit management
- Up-to-date knowledge of IT technologies and business software including Windows/Unix operating platforms, database technologies, Microsoft applications, network technologies and key business applications
4
IT Risk Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of IT risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT risk
- Maintain, conduct audits, and assess information technology (IT) security and compliance policies and standards
- Support the IT Partner Management team when preparing for audits (internal, external)
- On request work with the IT Partner Managers and IT Partners to advise on emerging risks and recommend appropriate mitigating actions
- Support the accountable parties in determining the appropriate treatment of identified risks and partner with LOB risk leaders to develop audit and risk mitigation plans
- Lead CHANGE - LOB strategy development initiatives for communication, education and awareness of key IT Risk Management initiatives
- Partners with key stakeholders in the business to identify, assess, aggregate and document risks and controls, including risks associated with new or modified products, services, distribution channels, regulations and third party operations
- Presents findings and concerns to various levels of leadership
- Contributes to the implementations of new risk policies, practices and solutions to ensure holistic understanding and management of risks according to industry best practice
- Utilizes or produces analytical material for discussions with cross-functional teams to understand business objectives and influence solution strategies
- Supports implementation of enterprise risk management framework
Qualifications for IT risk
- Must be able to cope with changing priorities
- 5 + years of Information Technology/Business experience
- Experience in Risk Management and/or Technology Audit functions
- An overall understanding of the interactions between various technology groups, systems analysts, application development, production support, help desk, infrastructure, and architecture teams so as to ensure effectiveness
- Strong interpersonal skills such as influence management, negotiation and partnership building
- Strong communication skills with the ability to communicate to all levels and different sizes audiences
5
IT Risk Job Description
Job Description Example
Our innovative and growing company is looking for an IT risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT risk
- Work with application groups and architects to design and implement IT Risk / security considerations into the design of applications
- Point of contact for any control assurance initiatives (Risk Assessments, new compliance requirements) that impact Finance IT
- Deputize for IT Risk and Production Architect, as required
- Perform the Process Manager role for the Problem Management process working closely with the IT Outsourced partner
- Coordinate interfaces between Problem Management and other service management processes
- Coordinate all problem resolution groups to ensure efficient resolutions of problems within target objectives
- Coordinating all activities relating to major problem reviews
- Liaise with external parties in relation to any problems that require third party assistance and/or expertise
- Demonstrably drive incident volumes down through effective problem management
- Demonstrably isolate root cause and eliminate recurring incidents from the Enterprise
Qualifications for IT risk
- Leadership abilities to see paths to resolution, acquire necessary resources and inspire the team to complete the work
- 3+ years of experience with either Business Analysis, Application Development or Information Risk
- Experience with Java, J2EE, Oracle SQL/PL-SQL, WebLogic, UNIX and/or Shell Scripting is strongly preferred
- 3+ years prior experience in related risk and control disciplines (e.g., Risk Management, Internal/External Audit)
- Remain open and alert to new technology opportunities ags1
- Of IT systems