
Information Risk Manager, Director

Type: Permanent
Compensation: $200 - $260 / year
Location: NY (Onsite)

Total Compensation is targeted at $200K - $260K. To be determined based on candidate's credentials, experiences, and potential value to the department / firm.

 


 

Position Overview: 

Our client is the US headquarters of a prestigious Global Financial Organization.  They specialize in providing corporate banking services, investment banking, and treasury management / working capital services to corporate clients.  

Currently, they seek to hire an Information Risk Manager to support the Information Technology & Operations Risk & Control Office. The ideal candidate will handle reviews that include the Three Lines of Defense (3LoD) model for risk management, Second Line of Defense (SLoD) and regulatory examinations. You will need an in-depth understanding of technology audits and information risk management, which encompasses technology risk assessment, controls testing, issue management, risk acceptance and cyber security controls.
 
Responsibilities will include (but not be limited to):

  • Manage the implementation of the Information Risk Management Framework covering coordination of SLoD, TLoD and regulatory engagements.
  • Manage the Oversight and Challenge of Information Risk Management (IRM) Governance process, covering coordination of SLoD, TLoD and regulatory engagements.
  • Document FLoD regulatory responses and collaborate with the second line of defense and legal teams to finalize management responses to regulatory exam findings.
  • Provide primary coverage for SLoD and TLoD coordination and communication.
  • Meet with senior management and respective risk management parties to coordinate reviews and examinations and monitor current status.
  • Provide periodic status updates to senior management on the progress of current reviews (i.e. SLoD, TLoD, regulators) and Information Risk initiatives.
  • Observe remediation activities across the first line of defense and track the execution of plans.
  • Communicate the status of control gap remediation and coordinate with the second line of defense for independent review.
  • Oversee completion of risk mitigation plans to ensure they are consistent with policies and standards.
  • Oversee the development of supporting materials for Information Risk Governance forums meetings.
  • Develop FLoD IRM training materials and lead the FLoD training program.
     
Qualifications:

  • 15+ years in IT management, technology or operational risk management, technology audit or related role, including experience testing and assessing controls and implementing NIST/COBIT frameworks
  • Experience in Financial Services environment a strong plus
  • Understanding and experience working within the Three Lines of Defense model and interacting with them at the senior level
  • Experience leading audits and examinations across Technology and Cyber Security
  • Experience managing and designing risk assessments for technology including review and mapping of controls against industry standards and integration with RCSA and other risk programs
  • Knowledge of the financial services industry and its regulations/laws
  • Understanding of control and risk management concepts and knowledge of operational aspects of the information risk business
  • Knowledge of risk management policies, methods, standards, processes and industry-standard risk analysis
  • Strong written, verbal, and presentation communication skills.
  • IT Control Certification (e.g. CISA, CRISC, CISM, ISC2, CGEIT) is preferred
  • Bachelor's Degree or equivalent experience; Master's degree in Business Administration, Technology or related field is preferred.
     


 
