Risk Manager
Job Skills and Responsibilities:
Must have:
- Function as a Subject Matter Expert in several IT risk domains (e.g., access control, change management, cryptography, secure network design) and on IT internal controls, including risk assessment and analysis.
- Experience with third-party vendor management programs.
- Experience reviewing SSAE18, SOC 2, HITRUST, SIG and CAIQ reports.
- Understanding of application and network security, and of penetration testing and scan reports.
- Certifications such as CISA or CISSP are good to have.
- Third-Party Vendor Management, GRC, Internal Audits (Information Security).
Responsibilities:
- Independently perform information security audits and assessments of third-party vendors, depending on the vendor type and criticality.
- Contribute to governance and facilitate remediation recommendations for related risks, deficiencies, gaps or issues; advise on identifying alternative compensating controls where compliance requirements cannot be met.
- Document and present overall residual risk to higher management for approvals and risk acceptances.
- Interact with vendors, business and multiple stakeholders to assess, explain and remediate the risks identified.
- Support key reporting activities associated with key functions.
- Perform ad hoc IT risk analysis and reporting.