Job Views: 3119
Applications:  92
Recruiter Actions:  16

Posted in

IT & Systems

Job Code

344901

Senior Manager/AVP - Information Risk Management

12 - 16 Years, Bangalore
Posted 8 years ago

Job Description

The IRM Lead will address information risks across all businesses and geographies. This includes identifying, assessing and controlling risks to confidentiality, integrity, availability and regulatory compliance of business information. The IRM Function provides policies, procedures and controls for prevention and protection measures, such as firewalls, user access, and encryption. The function also includes an advanced Security Operations Centre and forensics department to detect and respond to incidents.

- To lead the team accountable for the information security reviews of projects to ensure that these meet the required security, architectural & design principles.

- Manage the overall execution of the project engagement service covering information security reviews and design effectiveness tests/reviews carried out as per the required stage gate review during project engagements.

- To further develop and optimize the project engagement service

- Ensure ongoing compliance with all requirements and guidelines during and after completion of project engagements.

- Identify and manage dependencies with IRM teams and actively participate in the R&C Council and other relevant risk community meetings to evergreen the IRM framework.

- Support and actively participate in development of tooling to support IRM processes and ensure this is fit for purpose.

- Support education and awareness of IRM issues and risks in the Business and influence the behaviours of staff as part of mitigating these risks.

- Drive continuous improvement (CI) of IRM processes.

- Number of direct reports to expand up to 40 members of staff over next 2-3 years.

- $ million influenced: 1-10 on IRM projects and services.

Requirements - Qualifications

- A qualification in CISSP, CISA, CRISC or CISM

- Legal & Regulatory Compliance (to include, but not limited to Trade Controls, SOX/FCM, Data Privacy, Records Management) preferable

- ITIL preferable.

- Certified LEAN practitioner preferable.

Job Experience Requirements:

- Must have previous experience in an (Information) Risk Management role

- Proven capabilities in leading (virtual) teams

- Good understanding of, and experience with Information Risk Management, Business (IT) Controls and project delivery.

- Advanced understanding of internal and external IT security standards, and relevant legal compliance aspects.

- Robust understanding of, and solid experience with, the impact of IRM on application development and operations as well as the IT Infrastructure.

- Track record in continuous improvement of processes and, ideally, a certified LEAN practitioner.

- The ability to balance IRM needs and standards in light of risk and affordability to the Business as well as business impact.

- Excellent communication, interfacing and influencing skills to maintain relations with different groups of stakeholders internal and external to IRM, with stakeholders across organizational boundaries and with external groups.

- Ability to set direction, build, communicate and implement a shared IRM vision.

- Ability to promote high performance teams working with inclusiveness and cultural diversity, across organizational boundaries.

Candidate must also:

- Display analytical and problem solving skills

- Be pro-active and self-motivated

- Display very strong interpersonal and negotiating skills with all levels of staff

- Advocate a single One IRM community.
