- Information Technology Operational Risk Management (ITRM) is responsible for providing oversight of operational risks associated with all operating activities of client's Information Technology division.
- The primary responsibilities of ITRM include providing risk management, risk advisory, regulatory liaison, and policy/standards governance for the Information Technology division.
- This could include managing the review and publication of divisional policies and standards, defining and implementing risk management frameworks, monitoring and reporting risks and risk response, performing risk reviews and evaluations, and driving continuous improvement of risk management capabilities across IT.
- ITRM is led by the Vice President, IT Operational Risk & Governance.
- ITRM is looking for an experienced professional to support 1st line IT Risk Management functions.
- Areas of support will include Risk Advisory, Risk Assessment, Third Party IT Risk Management, and Polices and Standards.
- This position requires that the applicant have a strong understanding of the risk frameworks, operational risks, and the execution of risk management processes and governance within a large institution.
- Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); Identify and assess control effectiveness and/or gaps.
- Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
- Advise the IT "customers” on means and methods to drive remediation of risk related issues and operational events
- Be a role model and technical mentor to the junior and midlevel professionals, work alongside of highly collaborative, open minded, technology savvy and dedicated team members.
- Reporting of IT risk metrics and data
- Bachelor's Degree
- 5-7 years of experience working with SOX, practical experience in internal/external audits, risk management - methods and techniques for the assessment and management of risk.
- Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical and communication skills
- Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
- Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.