Partners with appropriate stakeholders across the Bank to document deviations from Information Technology, Information Security, and business continuity expectations as defined in Policies, Standards and Frameworks.
Ensures all relevant aspects of the risk exceptions are documented in detail to support the inherent and residual risk determination.
Ensures the risk exceptions are approved by the appropriate individuals based on the nature and severity of the risk.
Develops and maintains reporting on the status of the program for senior leadership and appropriate oversight committees.
Ensures work effort dependencies, assumptions, risks and issues are defined, documented and communicated to the appropriate lead and/or stakeholder.
Requirements
QUALIFICATIONS
Bachelor's Degree in Business, Computer Science, Information Assurance, Management Information Systems or related field
7 years in Risk Management, Information Security, IT Audit, or related field.
Prior experience in IT and IS Risk Management process for a large firm or bank highly desired.
CISA, CISM, CRISC or CISSP certification(s) required
MITRE ATT&CK Framework experience a plus
Strong written and verbal communication skills for report writing, business