IRM Risk and Controls Manager
Company: Integrated Resources, Inc ( IRI )
Location: Houston
Posted on: May 28, 2023
Job Description:

IRM Risk and Controls Management, JG5

General Position Definition

The purpose of the Security & Compliance (S&C) function is to ensure (as a first line of defence, with IRM providing the second line of defence and internal audit providing the third line of defence) that Client is addressing Information Risks in an effective and efficient manner, commensurate with Client risk appetite, and is seen as an industry leader among peers and key suppliers of security services. The Information Risk posture of Client includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, and loss of Most Confidential bidding data. The S&C function performs risk assessment, defines the selection of mandated IT Controls, and designs these controls. The function organises communication campaigns to influence the behaviour of business and IT staff where it relates to Information Risks.

Position description - Purpose

The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst supports the identification, prioritization and management of all Confidentiality, Integrity, Availability and Regulatory risks to the services delivered by Client IT and suppliers. This is to ensure the risk to Client is reduced to an acceptable level and managed effectively, and is achieved by ensuring an appropriate risk and control framework is in place, by identifying, assessing and developing remediation plans for all risks, and by ensuring all new developments are appropriately assessed. This job requires extensive interaction with IRM staff and other business risk related roles in Client, such as portfolio managers, project managers, (security) architects and component service managers/Operations Landscape managers.

Position description - Accountabilities

The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for the following:

Project Review and Technical Advice
- Review all new high risk projects and new technical designs for Information risks, and advise on suitable controls and mitigations at early stages of the program.
- Lead the S&C Analysts for specific technologies and advise on the Information security for their projects.
- Offer advice to Client and suppliers to assist in resolving questions and issues around how to manage risk.
- Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
- Work with the architecture community to review new technology and architecture innovations.

The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for supporting the following:

Risk Management and Mitigation
- Assess and classify all potential business and infrastructure information risks.
- Execute, with suppliers, risk analyses on IT applications/services.
- Develop and socialize the overall risk profile and action plans to mitigate risks.
- Review and recommend approval of project charters.
- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Networks & Systems.
- Perform end-to-end Security Assessment on vendor offerings, whether new or leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Client environment.
- Translate Technical, Legal and Regulatory Compliance obligations into a cohesive collection of Security Controls, and provide the respective stakeholders with the IRM requirements and their implementation methodologies.
- Support the development of tooling to support IRM processes and ensure it is fit for purpose.
- Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.
- Support during Internal/External Audit.
- Ensure that S&C continues to focus on risks significant to the Business, with emphasis on innovation.

Controls Management and Optimization
- Ensure controls are both risk-driven and based on industry standards.
- Review and approve the control design of supplier and Client technical specifications against Shell's control requirements, as agreed contractually, during the PDF project.
- Support the development of new IRM policies, tooling and procedures where required.

Position description - Dimensions

An Individual Contributor, part of the global IT engineering team. Face of S&C; interfaces with Project Delivery staff, Business and Business IT teams. Responsible for the management of risk involving security, IT regulations, Client IT policies and other IT controls for all services delivered by the Key Business and Infrastructure Suppliers.

Position description - Special Challenges

A special challenge will be to stay on top of the many engagements while at the same time having a deep understanding of Information security. Communication and Stakeholder Management skills are essential for this role: being able to cut through complex IT issues and explain them in plain Business language.

Experience and Qualifications required
- Relevant (> 6 years) experience with Information security and risk management.
- Good understanding of, and experience with, Information Risk Management, IT Security and Compliance, and Security Controls and Audit.
- Advanced understanding of internal and external IT security standards (SOX, PCI, SOC 2/SOC 1, ISO 27001) and relevant legal compliance aspects.
- Robust understanding of, and solid experience with, the impact of Security on application development and operations as well as on the IT Infrastructure.
- Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
- Good understanding of cloud security requirements and third-party control assurance.
- Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
- Technical knowledge & relevant experience in security domains/technologies related to:
  o Infrastructure/Network security
  o Identity and Access Management
  o Business Impact Assessment
  o Application security
  o Data Leakage Prevention
  o End-Point Protection
  o Web filtering technologies, Proxies and firewalls
  o Vulnerability Assessment / Penetration Testing
  o Cloud security
- Knowledge of Data Security Standards: PCI DSS, Privacy Principles.
- Driving Platform/Application security and compliance.
- Ability to foresee and identify mitigation strategies for Risks.

Candidate must also:
  o Display excellent communicating and influencing skills
  o Display analytical and problem solving skills
  o Be pro-active and self-motivated
  o Display strong interpersonal and negotiating skills with all levels of staff
  o Display ability and eagerness to quickly learn new technologies

Qualifications: A qualification in CISSP, CISA, CRISC or CISM.

Experience: Must have previous experience in an (Information) Risk management and Control design role.

Key Competences required

Demonstrated evidence of Enterprise First values and behaviours will be considered during the selection process.

Competence - Level
- Risk & Controls Management - Mastery
- IT Security - Mastery
- PCI Compliance - Knowledge
- IT Audit - Knowledge
- Infrastructure/Application Knowledge - Skill
- Corporate, Industry and Industry Standards - Skill
- Business Continuity Planning - Knowledge
- Analyse & Solve Problems - Skill
- Build Shared Vision - Skill
- Conceptual thinking - Skill
- Influence & Persuasion - Skill
- Project Development Methods/Techniques - Knowledge
- Motivates, Coaches and Develops - Skill
- Customer/Delivery Focus - Skill