Job Description
Job purpose
The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by the firm to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes for management, providing review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams that provide security solutions, as well as with all corporate departments that own information security risk.
Essential Function / major duties and responsibilities of the job
Strategic
1. Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
2. Risk Assessments - Collaborate with the Information Security teams to guide and challenge risk assessments, and lead efforts to strengthen the control environment in line with the evolving threat landscape.
3. Process Improvements - Identify opportunities to reduce the risk of recurrence of incidents and events through process evaluation and improvement plans.
4. Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering t...