Primary Responsibilities:

• Manages the development of and implementation of the cyber risk management program that includes risk management process workflows, process documentation and align those activities to the enterprise risk management approach    

• Develop and maintain our Cyber Risk Program Charter to highlight how our program operates, roles and responsibilities, etc.

• Develop and implement the controls Inventory to ensure a comprehensive listing of controls and mapping to various frameworks and regulatory obligations

• Manages our Risk Register to record control deficiencies, etc. that contribute to our organization’s risk portfolio and allow us to measure, monitor and track risks through its lifecycle in a centralized manner

• Manage the Issues Management Program to identify, track and validate issues through its lifecycle from submission through remediation

• Provides analysis and identification of IT risks and the development of improvement plans to mitigate risk of cyber threats and non-compliance

• Provides cyber risk support and engagement with internal stakeholders, legal, regulatory, and government agencies regarding organization IT risks.

• Facilitate annual cyber program maturity assessments to identify future capabilities, industry alignment and continuously evolve and ongoing maturation of our cyber risk program

Basic Qualifications: 

• Bachelor’s degree and good range of prior relevant experience OR  

• Advanced Degree in a related field and some of experience OR  

• In absence of a degree, substantial amount of relevant experience is required  

• Experience working with IT/Cyber Risk, IT/Cyber Auditing, etc.

• Requires a strong, technical knowledge in IT/Cyber Risk, IT Risk Management Frameworks, Risk Register, and managing the execution of processes

• Extensive knowledge and skills within cyber security risk management, IT Auditing, Compliance, and any other related field with understanding of the impact of work on other areas of the organization.

• Relevant certification(s) (CISSP, CISA, CRISC, etc.)