Information Risk Senior Specialist
New York, New York | Contract
Information Risk (IRM) Senior Specialist
Seeking to fill a role for an Information Risk Senior Specialist. The ideal candidate will have a Bachelor's Degree and 10-15 years of experience, as well as significant experience in one or more of the following areas: financial industry risk, compliance, control and governance disciplines.
Key Responsibilities of the Information Risk Senior Specialist
- Project launch reviews with initial inherent risk and complexity assessment, reviewing business case, project objectives and KPIs
- Evidence based control effectiveness assurance reviews of specific work streams or delivery areas crucial to the success of the program, leveraging wider subject matter experts
- Check point reviews at key transition phases to provide assurance that readiness criteria to progress to the next phase have been met
- Pre-implementation readiness reviews, assessing implementation risks and providing assurance over testing results
- Work with the Business and Technology teams to identify security issues and agree corresponding actions to mitigate or accept risks.
- Periodic (e.g. monthly / quarterly) independent assurance report over program status, assessing residual risk across key decision points, identifying risks and advising on required actions
- On-going program performance tracking, including oversight of key control processes such as risk & issue and contingency management, via intelligent PMO function reporting into program Sponsor and Steering Committee
- Attend key meetings across the organization – dealing with all levels of stakeholders from C level to technical subject matter experts.
- Planning, execution and delivery of risk-based initiatives and projects
Requirements of the Information Risk Senior Specialist
- Advanced Degree preferred – MSc in IT Security
- Bachelor’s Degree or equivalent work experience required.
- 10-15 years of experience
- Significant experience in one or more financial industry areas: risk, compliance, control and/or governance disciplines
- In-depth understanding of information security principles and best practices across the industry as well as project management principles
- Strong stakeholder management, relationship-building, collaboration and presentation capabilities.
- Experience in carrying out risk reviews, technology audits or other similar work
- A thorough understanding of Risk Assessment approaches and methodologies
- A strong sense of proportionality, reasonableness and cost with respect to risk response
- Ability to manage through highly sensitive situations with highest level of discretion
- Strong understanding of residual risk and risk mitigation
- Strong bias toward quantitative risk data rather than subjective reporting is required
- Experience in maturing a risk organization toward a quantitative approach to reporting is highly desirable
- Strong experience in a Technology Risk, Information Risk, Information Security or an IT Audit role
- Certified Information Systems Security Professional (CISSP) required; additional security certifications advantageous, e.g. Certified Information Security Manager (CISM), Certified in Risk Information Security Control (CRISC) or Certified Information Security Auditor (CISA)
- Proven experience in project management on the basis of an industry standard methodology - a Project Management qualification an advantage (PMI or Prince)
Information Risk Senior Specialist - 13837