Previous Job
Previous
IT Risk Program Manager
Ref No.: 18-12121
Location: New York, New York
Job Description: The IT Risk Program Director shall be responsible for managing and delivering on all milestones and deliverables for ITEC's Risk Management program as defined by client's ITEC Department, as well as the Enterprise Risk Committee and the CIO. Our IT Risk Management program, which is an important component of our Operational Risk management program, can be described in three steps below:
  1. Risk Identification - Prepare content to be specific to audiences and reflective of ITEC's Risk Identification process including oversight of the ITEC Annual Risk Assessment, as well as the ITEC divisions, Annual Risk Control Self Assessments (RCSA), and the Information Systems Security Program (ISSP), led by SAFE. The IT Risk manager will ensure that there are clear remediation plans and prioritization of efforts on the issues identified in those risk assessments. As well, he or she will also follow track and report on Risk identification efforts by Internal Audit and provide visibility on all audit points related to risk. This position will also produce reports on certain Key Risk Indicators and assist ITEC management on its Permanent Supervision controls.
  2. Risk Measurement – Utilizing the standards and methods defined by SAFE and the Enterprise Risk Committee, the IT Risk Communications Associate shall be responsible for collection, analysis and dissemination of relevant data for measurement of risk, inclusive of outages (incidents, problems), outage time, outage resolution, and operational financial losses.
  3. Risk Mitigation – client has a comprehensive program to define is annual priorities for investment in IT and Information Security. This role shall be responsible for liaising with the relevant actors, local and global, and applying its priorities specifically to the IT Americas area.

Day to day responsibilities include but not limited to:
  • Manage all milestones, deliverables, issues and challenges that may arise commensurate with the successful accomplishment of the fulfillment of the enhanced IT Risk Management program
  • Provide status reporting and progress reports to senior level management and SGUS oversight management committees
  • Provide additional leadership and support where needed to execute all facets of the program
  • Collaborate with internal teams to align our operational activities with IT Risk best practices
  • Collaborate and work with regulatory bodies in order to carefully articulate our mission and plans for delivering strategic and tactical solutions with regards to specific concerns
  • Analyze and prioritize requirements related to IT Risk management.
  • Write policies and procedures on certain core areas, as well as functional specifications, and model the requirements / specifications to IT Risk needs.
  • Gather, analyze, document, and validate the IT Risk needs of the ITEC stakeholders.
  • Establish strong relationships with business partners, SAFE, RISK, AUDIT and the COO.
  • Partner with Internal Audit to track and manage audit points assigned to ITEC.
  • Partner with external audit to track and manage SOC1 items of remediation
  • Procure technical assistance to assist in problem resolution for ITEC stakeholders for our risk tools, including but not limited to GPS (permanent supervision tool) and KART
  • Provide reporting support for all Risk based reporting by IT, including the Quarterly Enterprise Risk Committee report, and the Quarterly FCM Risk report.
  • Investigate, resolve and escalate problems as needed
  • Develop a formal reporting of IT Risk to be delivered monthly to the ITEC Americas Management team (ExCo).
  • Collaborate with the RISK Department to help assess ITEC's risk appetite and set up appropriate risk thresholds and limits.
  • Manage risk related projects impacting ITEC and coordinate with the different risk functions
  • Partner with SAFE to Strengthen our Risk Control Self-Assessment (RCSA) program
  • Partner with Operational Risk and provide a direct liaison in all areas of challenge
  • Perform quality assurance on all artifacts that are produced by IT Risk Management

COMPETENCIES
Required:
  • Comfortable with organizational complexity, high pressure environments and rapid change
  • Analytical and rigorous
  • Reactive and adaptive
  • Straightforward and clear communicator
  • Attention to detail
  • Exceptional level of professionalism

TECHNICAL SKILLS
Required:
  • Strong understanding of financial products and financial industry
  • Strong excel skills for in depth analysis
  • Strong PowerPoint skills for creating effective presentation decks.
  • Strong knowledge of Operational Risk
  • Audit background and related skill sets