Empower, Connect, Evolve, and Inspire - these are the values that drive us and make BMI a company where you can thrive and grow.
Job Overview
BMI is seeking a dynamic and experienced professional to join our organization as the IT Risk, Continuity, and Compliance Manager. This crucial role entails overseeing the IT Risk process, crafting IT continuity and disaster recovery plans, and managing IT Audit mitigation actions. Collaborating closely with cross-functional teams, you will identify, evaluate, and mitigate IT-related risks, while guiding the development and implementation of IT Continuity Plans to safeguard the integrity, security, and compliance of our IT systems and operations.
To excel in this role, you will need to possess a deep understanding of Risk Management frameworks and methodologies, as well as Business Continuity Management, specifically within Information Technology. Your extensive knowledge and experience will enable you to work with senior IT Professionals, Internal Governing Bodies, External Auditors, Regulatory Agencies, and our adept technical teams, to reduce risk and improve compliance standards.
Key Accountabilities
Risk Management:
● Identify, assess, and prioritize IT-related risks, ensuring action plans are in place.
● Establish a comprehensive Risk database which can be used to manage, monitor and report on IT-related Risks.
● Conduct risk assessments of IT systems, processes, and infrastructure to identify vulnerabilities and potential threats.
● Generate and distribute regular risk reports to key stakeholders, providing insights into the current state of IT risk exposure, compliance status, and mitigation efforts.
● Ensure that risk reports are accurate, comprehensive, and actionable, highlighting significant findings and recommendations for risk reduction and improvement.
● Collaborate with stakeholders to review risk reports, discuss findings, and develop action plans to address identified issues and gaps.
● Continuously enhance risk reporting, processes, and methodologies to improve effectiveness and efficiency, incorporating feedback and lessons learned from previous reporting cycles.
● Develop IT risk and compliance training programs for employees, delivering awareness training and support to new and existing employees.
● Create and maintain an external network with other senior IT risk managers, and relevant risk forums.
● Stay informed about emerging IT risks, trends, and regulatory developments to proactively identify areas for improvement.
IT (Business) Continuity Planning:
● Work with Technical Leads and Subject Matter Experts (SMEs) to develop IT Continuity and Disaster Recovery Plans to ensure the resilience of IT systems and operations.
● Coordinate with relevant stakeholders to identify critical business functions and establish recovery objectives and strategies.
● Establish a cadence to conduct testing exercises to evaluate the effectiveness of business continuity plans.
● Ensure plans are maintained and updated as needed based on changes in the organization's operations or IT infrastructure.
IT Compliance & Audit Management:
● Coordinate IT internal audits, supporting, where applicable, the assessments of IT systems and processes, coordinating responses to findings and ensuring timely remediation.
● Generate and distribute regular IT audit mitigation reports to key stakeholders, providing insights into the current state of audit actions and mitigation efforts.
● Manage and communicate a schedule of IT Audits and Reviews.
Experience & Skills
● 5+ years of experience in IT risk management, with proven experience in continuity and audit management within a corporate environment.
● Strong knowledge of Technology Risk & Control frameworks and assessment methodologies.
● Relevant professional certifications, such as COBIT, CRISC, etc.
● Knowledge of internal and/or external IT regulatory policies, standards, procedures, and controls.
● Desirable: Knowledge / experience of Smartsheets, Google Workplace, ServiceNow, SNOW Asset Management.
Key Attributes
● Strong organizational skills, attention to detail and ability to manage priorities and meet deadlines.
● Excellent communication skills, with the ability to convey technical information to non-technical stakeholders; effectively manage stakeholders; and confidently address challenges when needed.
● Strong problem-solving and decision-making skills.
● Excellent communication and collaboration skills, enabling effective partnership with internal stakeholders, external vendors, and IT Leadership.
● Highly motivated, hard-working, and able to work in a fast-paced environment.
● Ability to deal with ambiguity and foster viable solutions.
● Team player of the highest ethical standards, integrity, credibility and character.