IRM Risk and Controls Manager

Company: Integrated Resources, Inc ( IRI )
Location: Houston
Posted on: May 28, 2023

Job Description:

JOB DESCRIPTION IRM Risk and Controls Management JG5 General Position Definition General Position Definition The purpose of the Security & Compliance (S&C) function is to ensure (as a first line of defence, with IRM providing the second line of defence and internal audit providing the third line of defence) that Client is addressing Information Risks in an effective and efficient manner, commensurate with Client risk appetite, and being seen as an industry leader among peers and key suppliers of security services. The Information Risk posture of Client includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. The S&C function performs risk assessment, defines the selection of mandated IT Controls, and designing of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks. Position description - Purpose Purpose The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst supports in the identification, prioritization and management of all Confidentiality, Integrity, Availability and Regulatory risks to the services delivered by Client IT and suppliers. This is to ensure the risk to Client is reduced to an acceptable level and managed effectively and is achieved by ensuring an appropriate risk and control framework is in place, identifying, assessing and developing remediation plans for all risks and by ensuring all new developments are appropriately assessed. This job requires extensive interaction with IRM staff and other business risk related roles in Client like portfolio managers, project managers, (security) architects and component service managers/Operations Landscape managers. Position description - Accountabilities Accountabilities The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for the following: Project Review and Technical Advice - Review all new high risk projects; new technical designs; for Information risks and advise on suitable controls and mitigations at early stages of the program. - Lead the S&C Analyst for specific technology and advice on the Information security for their projects. - Offer advice to Client and suppliers to assist in resolving questions and issues around how to manage risk - Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program. - Work with the architecture community to review new technology and architecture innovations. The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for supporting the following: Risk Management and Mitigation - Assess and classify all potential business and infrastructure information risks. - Execute, with suppliers, risk analyses on IT application/services. - Develop and socialize our overall risk profile and action plans to mitigate risks - Review and recommend approval project charters. - Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network& Systems - Perform end to end Security Assessment on vendor offerings New/Leveraging existing (SAAS / PAAS/IAAS) services including integration with Client environment. - Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies. - Support in development of tooling to support IRM processes and ensuring this is fit for purpose. - Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums. - Support during Internal /External Audit - Ensure that S&C continues to focus on risks significant to the Business, with emphasis on innovation. Controls Management and Optimization - Ensure controls are both risk-driven and based on industry standards - Review and approve the control design of supplier and Client technical specifications aProductst Shells control requirements, as agreed contractually, during PDF project. - Support the development of new IRM policies, tooling, procedures where required. Position description - Dimensions Dimensions An Individual Contributor, part of global IT engineering team Face of S&C; Interfaces with Project Delivery staff/Business / Business IT teams Responsible for the management of risk involving the security, IT regulations, Client IT policies and other IT controls for all services delivered by the Key business and Infrastructure Suppliers and all services. Position description - Special Challenges Special Challenges A special challenge will be to stay on top of the many engagements while at the same time having a deep understanding of Information security. Communication and Stakeholder Management skills are essential for this role, being able to cut through complex IT issues and explaining those in easy Business language. Experience and Qualifications required Experience and Qualifications required Relevant (> 6 years) experience with Information security and risk management Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects. Robust understanding of, and solid experiences with the impact of Security on application development and operations as well as the IT Infrastructure. Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries. Good understanding of cloud security requirements and third-party control assurance. Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups. Technical knowledge & relevant experience in security domains /technologies related to: o Infrastructure/Network security o Identity and Access Management o Business Impact Assessment o Application security o Data Leakage Prevention o End-Point Protection o Web filtering technologies, Proxies and firewalls. o Vulnerability Assessment / Penetration Testing o Cloud security Knowledge of Data Security Standards: PCI DSS, Privacy Principles Driving Platform / Application security and compliance Ability to foresee and identify mitigation strategies for RisksCandidate must also: o Display excellent communicating and influencing skills o Display analytical and problem solving skills o Be pro-active and self-motivated o Display strong interpersonal and negotiating skills with all levels of staff. o Display Ability and eagerness to quickly learn new technologies. Qualifications A qualification in CISSP, CISA, CRISC or CISM Experience Must have previous experience in an (Information) Risk management and Control design role Key Competences required Competence Level Demonstrated evidence of Enterprise first values and behaviours will be considered during the selection process. Risk & Controls Management Mastery IT Security Mastery PCI Compliance Knowledge IT Audit Knowledge Infrastructure/Application Knowledge Skill Corporate, Industry and Industry Standards Skill Business Continuity Planning Knowledge Analyse & Solve Problems Skill Build Shared Vision Skill Conceptual thinking Skill Influence & Persuasion Skill Project Development Methods/Techniques Knowledge Motivates, Coaches and Develops Skill Customer/Delivery Focus Skill

Keywords: Integrated Resources, Inc ( IRI ), Houston , IRM Risk and Controls Manager, Executive , Houston, Texas