Infinity Consulting Solution is a staffing and recruiting company that connects talented people to the businesses that need them. It specializes in recruiting staff for the following departments: IT, accounts, compliance and legal, human resources, and customer service. It has other offices in Denver, Dallas, Chicago, Minneapolis, Florida, Houston, Columbus, and Delaware. It was established in 2001 and its headquarters are in New York. The company offers the following services: contract placement, permanent placement, temporary to permanent placement, and payroll services collaboration. Its mission is to build long-term relationships by matching the right people with proper workplaces. It offers the following job opportunities: data and operation analysts, system analysts, financial crime consultant, project coordinator, risk investigators, and reporting analysts. Employees get the following benefits: paid vacations, sick leave, insurance benefits, and retirement plans.
Location: New York, NY
Job Type: Direct Placement
Ref No: 19-07073
Date: December 03, 2019
Job title :
We are seeking an IT Risk Manager to be a key member of the Information Security team, reporting to the Head of IT Risk, Governance & Compliance. S/he will be responsible for the continuous development and management of the IT Risk Management framework, processes and related documentation. S/he will lead and monitor the Application Security Risk Assessment (ASRA) operating model for the firm and will be responsible for managing and reporting on risk programs related to cyber and information security in a manner that meets corporate, legal and regulatory requirements. The IT Risk Manager will also be responsible for supporting the development and implementation of the Controls framework, processes and related documentation.
Oversees the Risk Assessment function.
Identifies, assesses, and monitors applicable risks based on risk management policies and procedures.
Maintains and enforces the IT risk assessment framework/methodology.
Ensures security-related processes are embedded within the firm's systems development life cycle.
Develops and implements risk responses to ensure that risk factors and events are addressed in compliance with applicable laws, regulations, policies and standards.
Manages tracking of identified findings and actions to closure, and reporting to leadership.
Manages an IT risk register to address risk issues and action plans from all sources, e.g., IT audit, risk assessments, vulnerability scans, penetration testing, etc.
Manages an effective risk acceptance process to facilitate and manage requests for non-compliance with policies and standards.
Helps design and implement an IT controls assessment process to ensure that controls function effectively and efficiently.
Participates in key initiatives as the subject matter expert to ensure alignment with IT and Information Security programs and initiatives.
Coordinates with IT, Operational Risk and Internal Audit to facilitate key risk management processes and identify acceptable levels of risk.
Collaborates with executive management and department leaders to assess risk posture and concern
Experience: Strategic thinker with strong collaboration skills, detailed working knowledge of IT and information security and risk management best practices, and familiarity with implementing enterprise-wide programs in a highly regulated business environment.
Highly knowledgeable about the business environment and must ensure that risks to information assets are proactively managed within the business risk appetite.
Strong knowledge of applicable risk management practices required to create a culture of risk management compliance for his or her group or department.
Exhibit best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
10+ years' experience in:
- IT risk management and/or IT Audit related activities within the financial services industry
- Application security risk assessment tools or processes
- Performing gap analyses within different environments coupled with an in-depth understanding of regulatory guidelines
- Working with information security risk, governance, and control frameworks such as ISO/IEC 27000 series, NIST CSF, and CSA CCM
Technical abilities across a broad range of technologies: Windows, Linux, relational databases (Oracle, MS SQL, etc.), firewalls, routers, mobile devices, virtualization and cloud computing.
CISSP, CISA, CISM or CRISC certification is highly desired.
Project management and organizational skills, specifically managing multiple, concurrent projects.
Strong interpersonal, written, and oral communication skills.
Good influencing, relationship and stakeholder management skills.
Highly self-motivated and directed professional, with keen attention to detail.
Ability to communicate information security concepts across a broad range of technical and non-technical staff.
Excellent analytical, problem-solving and decision-making abilities.
Able to effectively prioritize tasks in a high-pressure environment.
Strong customer service and solution-focused orientation.
People and/or team leadership experience.