This role provides the organization with strategic direction in the establishment of IT risk-based auditing, reporting methodologies, and organization design. This is a stand-alone position, reporting to the CTO, with no direct reports.
Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
and standards related to information systems to determine their potential impact on the business objectives.
and supporting capabilities to assist in the evaluation of enterprise risk.
Create and maintain a risk register to ensure that all identified risk factors are accounted for.
Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
Analyse risk scenarios to determine their impact on business objectives.
Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
Interview process owners and review process design documentation to gain an understanding of the business process objectives.
Analyse and document business process objectives and design to identify required information systems controls.
Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
Test information systems controls to verify effectiveness and efficiency prior to implementation.
Implement information systems controls to mitigate risk.
Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
Robert Half Technology