Manager

Skill: Risk Manager

Must have:

• Function as a Subject Matter Expert in several IT risk domain (eg.: Access control, change management, cryptography, secure network design etc.) on IT internal controls, including risk assessment and analysis.

• Experienced in third party vendor management program.

• Experienced in review of SSAE18, SOC 2, HITRUST, SIG and CAIQ reports.

• Understanding of application and network security and should understand penetration testing and scan reports.

• Certifications such as CISA, CISSP will be good to have.

• Third Party Vendor Management, GRC, Internal Audits (Information Security).

Responsibilities:

• Should be independently able to perform information security audits and assessments on third party vendors depending upon the vendor type and criticality.

• Contribute to governance and facilitate remediation recommendations of related risks, deficiencies, gaps or issues, advice with identifying compensating controls alternative where compliance requirements cannot be met.

• Document and present overall residual risk to higher management for approvals and risk acceptances.

• Interact with vendors, business and multiple stakeholders to assess, explain and remediate the risks identified.

• Support key reporting activities associated within key functions.

• Perform adhoc IT risk analysis and reporting.

#LI-NR3