Local Embedded Risk Manager with CISSP/CISM/CRISC, Cyber Security Risk
Company: Resiliency LLC
Location: Coppell, TX 75019
Description:
Department Description:
Enterprise Product & Platform Engineering
Enterprise Production Assurance
IT Resiliency & Data Center
Position Summary:
The Embedded Risk Manager (ERM) is responsible for assisting stakeholders with the identification and timely remediation of risk. She/he is a top-level contributor who acts independently with minimal direction. The ERM's ability to form strong relationships and communicate with a breadth and variety of management resources is critical. Attention to detail and strong time management skills are also required.
Specific Responsibilities:
Follow the company's processes and methodologies for risk management
Learn to effectively use the tools required for risk management at the company, such as the Policy and Document Management System (PDMS), Archer, and MetricStream
Comply with existing risk and control commitments and requirements
Liaise between and across the cost centers composing Enterprise Production Assurance (EPA) and IT Resiliency and Data Center (ITR&DC) and the following control functions:
Internal Audit Department
Technical Risk Management
Operational Risk Management
Regulators / Regulatory Relations
IT Risk Community of Excellence
Management Control Testing
Drive successful and timely completion of commitments and requirements
Issues and Actions
TRM network and app pen test findings, FOSS findings
Risk acceptances and policy deviations
PDMS Policy and Procedures document reviews
Additional artifacts as identified
Assist with articulating issues and remediation plans, drive timely submissions to control functions
Assist EPA and ITR&DC teams in tracking audit deliverables and facilitating management's timely response to requests
Track audit actions against defined delivery dates and assist with development of retarget plans as necessary
Protect stakeholders by identifying control adherence/design effectiveness gaps as first line of defense
Conduct proactive Control Environment Reviews (CER) to identify Management Self-Identified Issues (MSIs), policy deviations and risk acceptances to mitigate future control function findings
Update Process, Risk & Control (PRC) framework proactively
Review Key Performance Indicator (KPI) maker/checker compliance
Work closely with management and stakeholders to accurately report status of audit, compliance, and regulatory actions
Collaborate effectively with the Risk Management Center of Excellence to drive the teams' timely response to TRM, ORM, external Audits, and regulatory requests
Enable strategic improvement of IT control environment
Provide guidance and become central point of contact between stakeholders and control functions
Integrate risk management into each team's continuous improvement processes, roadmaps, and strategies
Drive/facilitate the DTCC Risk Mindset and Risk and Control continuous improvement
Knowledge and Skills Required:
Proven knowledge of technical infrastructure, networks, databases and systems and how they affect an organization's cybersecurity risk
Proven knowledge of security methodologies, policies, standards and best practices
Proven knowledge of information technology systems, infrastructure and operations
Ability to explain and articulate technical concepts using both technical and non-technical language
Critical thinking and analytical skills
Excellent presentation skills (MS PowerPoint)
Ability to manipulate data in a spreadsheet (MS Excel)
Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives
Strong oral and written communication skills
Excellent organizational skills, coupled with ability to be versatile and flexible
Sound business judgment and the ability to work successfully with all levels of management
Excellent grammar and style skills; ability to adapt writing style for different audiences and media
Education, Training and Certification:
Bachelor's degree preferred
CISSP/CISM/CRISC certification preferred