Lead, Tech Risk Management

Job Classification:

Technology - Risk & Governance institutions.  
** Your Team & Role
** As a Lead, Tech Risk Management in the Chief Operations Office, you will collaborate with Global Technology’s various functional areas, individual business units/corporate functions, and other control functions to identify, mitigate, and improve areas of risk that may impact our organization. In addition to advanced technical expertise and experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.

** Here is What You Can Expect on a Typical Day
*** Execute and/or oversee end-to-end issues management process including identification, root cause analysis, risk assessment, remediation action plan development, testing/validation of closure activities as well as monitoring/reporting.
* Work on significant and unique issues where analysis of controls or data is required to understand emerging risks that may impact future concepts, products or technologies
* Collaborate with technology and business stakeholders in reviewing technology documentation, providing risk opinions and documenting the results of review.
* Maintain governance frameworks and monitor adherence to issue management policies and control expectations.
* Act as the central point of coordination during internal/external audits, regulatory exams, and risk assessments.
* Participate in continued risk, technology and Information security education to build your knowledge and use to enhance the program
** The Skills & Expertise You Bring
*** Bachelor of Computer Science or Information Systems or experience in related fields
* Ability to lead independently with minimal guidance and optimally leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization
* Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges
* Excellent problem solving, communication and collaboration skills
* Strong written and verbal communication to communicate sophisticated messages and new concepts.
* Advanced experience and/or deep expertise in several of the following:
* Proven experience of demonstrated success in implementing and executing IT operational risk processes and initiatives
* Core Risk/Governance Technical

Skills:

Should have technical acumen related to IT processes, practices and capabilities with subject matter knowledge of components and risks within Cloud, Information & Cyber Security, Agile development methodology, Computer and Network Infrastructure and Privacy
* Demonstrated understanding of key technology concepts and IT organization business processes such as:
Access control, Data handling and protection, Disaster recovery / business continuity / resiliency, Enterprise architecture, IT general controls, Security monitoring, Technology lifecycle management
* Perform root cause analysis to identify and document remediation strategies that drive prioritization and alignment on issue and action plan ownership for measurable risk reduction and effective issues lifecycle management (optional for Regulatory/External Control).
* Conduct risk analysis for identification, assessment, aggregation, reporting and escalation of associated risks across GT
* Develop, refine, and manage IT key risk indicators, and advance usage of risk data to identify and analyze trends, provide timely insightful analytics and document GT risk appetite for key risks (primarily for Risk Operations)
* Knowledge of relevant global IT risk management frameworks (e.g., NIST, ITIL, ISO, COBIT, SANS) for development, maintenance, and enterprise alignment of the risk framework and taxonomy with enterprise processes, risk frameworks and reporting constructs
* Apply risk leadership skills in execution of IT operational risk and control assessments and third-party risk assessments, to determine risk opinion that product technologies and capabilities are fit for the risk appetite of the organization
* Knowledge of IT Governance, Risk, and Compliance (GRC)…