Head of Information Risk Management at GV Alliance Partners

Growth in Value Alliance (GV Alliance) Partners is a business advisory and market intelligence services firm. Our objectives are to assist organizations to achieve their growth aspirations by providing market intelligence, strategy formulation and implementation expertise and business operation improvement skills.
 
Our clients in the telecommunication and financial service industries have the following positions available. 
 
JOB TITLE: Head of Information Risk Management
CODE: GVA/HOIRM 01
 
JOB DESCRIPTION
• The Head of Information Risk Management reports to the Executive Director, Market Operations and Technology and is responsible for driving consistent and effective risk-based approaches within the organization. The successful candidate will be responsible for implementing the Information Risk and Security Management programme of the organization and is expected to be the subject matter expert, providing guidance and support on all Information Risk Management issues. 
• In addition, the right candidate will ensure audit, regulatory and governance requirements are met by implementing procedures to confirm that the organization complies with existing privacy/data protection laws and associated regulations. S/he will perform Information Risk and Security due diligence and will be responsible for implementing records management, ensuring that the records are kept in line with set standards. The post holder will also provide oversight functions for all Third-Party relationships and execute risk-based strategies which ensure confidential data is appropriately controlled. S/he will be a thought leader, able to influence risk programmes at the business and industry level, and would ideally have gained experience across several locations/geographies and within Emerging Markets operations of the Financial Services sector.
• This is a high profile opportunity to use your skills in transforming a leading Emerging Markets Operations in the Financial Services sector and positioning it for growth and leadership within its region.
 
JOB FUNCTIONS
• Assess the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation
• Ensure that a risk-based assessment is performed regularly for all existing applications
• Conduct in-depth information technology risk assessments including identifying and documenting controls, creating detailed process flows, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation
• Implement the access authorization process and perform periodic reviews of access authorization. 
• Review and test compliance with Information Risk policy to ensure that physical and electronic information is appropriately secured throughout the information lifecycle (i.e. storage, transfer, use and disposal)
• Advise on the design of application security controls (i.e. password controls, encryption, etc.), based on information security control standards
• Provide consultation on information security standards and industry best practices
• Ensure Third Party Risk Governance is properly implemented in the organization
• Review third-party vendors and contracts to ensure appropriate controls are in place and functioning effectively
• Define and document the process for third-party data connections (add, change and delete), including adherence to encryption requirements
• Maintain inventory of all third-party data connections
• Regularly engage business units to ensure ownership and remediation of internal / external audit and regulatory requirements pertaining to Information Security
• Identify, investigate and escalate where necessary both actual and potential instances of incidents (non-compliance) and implement appropriate changes.
• Provide responses to queries from internal and external audit on information technology controls
• Track action steps and ensure that findings from reviews and testing are remediated appropriately and in a timely manner
• Conduct readiness reviews over large information technology development projects ensuring appropriate systems development lifecycle methodologies are being applied and followed. 
• Develop materials and facilitate training to review gaps and support the organization in maintaining effective Record Management processes and procedures.
• Engage team members through coaching, training and awareness programmes to ensure risk methodologies are effectively communicated across the enterprise.
 
 
EXPERIENCE
The Head of Information Risk Management will be expected to have aptitudes, skills, knowledge and experience in the following areas:
• Minimum 12 years' experience in financial operations risk, information technology risk management, audit and/or compliance, with significant experience in information technology controls review; experience in financial services audit organization preferred
• Demonstrated technical abilities in multiple areas (e.g., technology, fund accounting, custody, transfer agency, brokerage, financial statements, etc.)
• Significant knowledge of information technology processes and controls and an understanding of risk and quality control and assurance functions
• Strong process orientation and understanding of operations and technology enabling candidate to provide support in the analysis, development and monitoring of controls
• Significant analytical and critical thinking skills
• Excellent verbal and written communication skills enabling candidate to prepare and present recommendations to senior management
• Ability to manage multiple projects concurrently and to work under pressure to meet tight time commitments
• Ability to work on word processing, spreadsheet, process flow and presentation applications
• Ability to build and maintain collaborative working relationships with Information Technology and Business personnel to design and assist in the execution of appropriate controls design and monitoring
• Ability to influence information technology leaders in the effective review and management of controls to mitigate risk. 
• Strong knowledge of information security principles and application
• Strong governance exposure
• Ability to work with and influence senior executives
• Financial management
• Quality management
• Risk management
• Knowledge management 
• Supplier management
• Entrepreneurially minded
• Pro-activeness in addressing any service / quality issues and deviations from plan 
• Experience within Exchanges/Financial Services sector will be a distinct advantage
 
FREEDOM TO ACT
The Head of Information Risk Management has considerable freedom to act in order to deliver the environment desired for the provision of an efficient and effective operation. He/She will be expected to work to a high level of technical standard and accuracy, and to lead by example. The successful candidate is expected to:
• Define, manage and own approved technology risk budgets
• Deal with uncertain business and technology objectives.
• Manage and be accountable for dependencies, exceptions, slippage, issues and priorities on risk initiatives and projects
• Manage and be accountable for the management of risk and opportunities including the development of contingency plans. 
• Manage issues and change
 
PROBLEM SOLVING
The post holder will be expected to work actively to achieve enterprise security goals within a set of resource constraints. S/he will need to:
• Have the ability to think logically, analyse situations and lead teams in complex problem solving
• Work with all stakeholders to develop strategic solution options and delivery plans
• Ensure all changes are well tested and managed in a controlled manner with full rollback plans
 
COMMUNICATING WITH OTHERS
The Head of Information Risk Management will be expected to have excellent communication skills and experience in working with sponsors and other members of the business. The following points illustrate this:
• Communicate and maintain visibility of all critical issues, their status and service restore plans
• Define team member roles and expectations, and ensure timely feedback
• Ensure proper documentation of all procedures and policies against organizational standards and best practices
• Communicate the technical and service improvement plans to internal and external stakeholders
 
LEADERSHIP
The post holder will need to be an effective leader to create effective, informed and highly motivated team(s) focused on delivery. S/he will need to:
• Set overall direction for the team
• Monitor and maintain team morale
• Ensure the coherence of the service, technical project(s), dependencies and conflicts and develop and maintain the appropriate environment to support all areas involved in the delivery.
• Influence, inspire and lead cross functional project teams
• Be an advocate for the wider adoption of risk and security management best practices both internally and externally
 
PEOPLE MANAGEMENT & DEVELOPMENT
The post holder will need good people skills to:
• Define and scope the resource requirements for the formation of the programme team.
• Create clarity of roles and responsibilities for members of the team.
• Demonstrate motivational and ‘High Performance Output’ leadership, building effective working relationships with the overall team, Business team(s) and stakeholders.
• Manage conflicts and dependencies across teams and wider stakeholder group
• Coach, mentor, appraise and develop managers and team members
 
FINANCIAL CONTROL
The post holder will be expected to budget for the department and maintain monitoring and management of spend. This will cover the following activities:
• Development of a robust business case for the programme(s) and re-forecast value creation where necessary
• Support the process for ensuring regular tracking and management of costs against budget
• Negotiation of optimal prices with suppliers while ensuring sound service levels
 
QUALIFICATIONS & REQUIREMENTS
• B.Sc degree in Computer Science, Engineering discipline, Mathematics or Physics will be a distinct advantage
• A good IT Systems Audit background is preferred
• In-depth understanding of principles, practices and techniques related to Information Risk Management
• Strong judgement, analysis and decision-making skills
• Sound knowledge of Information Risk Management policies and standards 
• Previous experience in developing and implementing information security strategies and projects 
• Excellent communication and interpersonal skills 
• Proven project and risk management capabilities with a focus on resolving complex problems 
• Effective team and matrix management skills in multi-cultural environments 
• Working knowledge of applicable security/risk concepts and methodologies 
• Working knowledge of the underlying technologies within Risk 
• Familiarity with the Information Security sections of the Operations and IT Policies 
• Knowledge of information security trends and best practice. Experience of COBIT, ISO 27001, BS 7799 or other relevant frameworks is essential.
• Official security certification (e.g. CISA, CISSP, etc.)
• Experience in managing/working with senior stakeholders at CTx/Exec level will be a distinct advantage