IT Risk Optimization Manager
Description
The Manager, IT Risk Optimization is responsible for identifying, assessing and mitigating IT-related risks to enhance the organization's overall risk posture and ensure alignment with business objectives. This role focuses on finding the optimal level of risk to enable innovation and business growth while minimizing potential negative impacts.
He/she will develop, implement, and continuously improve the organization’s IT risk management program, ensuring that IT risks are effectively identified, assessed, mitigated, and optimized in alignment with business objectives and regulatory requirements.
Job Responsibilities/Accountabilities:
- Develop and implement risk management frameworks and strategies that prioritize risk optimization across IT processes and projects and that align with industry best practice (e.g., NIST, COBIT, ISO 27005) and the organization's technology risk appetite.
- Benchmark the organization’s IT risk management program against industry best practices and identify opportunities for improvement.
- Conduct risk assessments, analyze potential vulnerabilities and work closely with cross-functional teams to design and implement controls that reduce risk exposure.
- Develop and track key risk indicators (KRIs) to provide early warning of potential IT risks.
- Monitor the effectiveness of risk mitigation efforts and report on technology risk status to senior management.
- Ensure compliance with all applicable regulatory requirements, industry standards and internal policies related to Technology Risk Management.
- Automate compliance monitoring and reporting processes to improve efficiency and accuracy.
- Manage IT compliance audits, both internal and external, and ensure that audit findings are addressed effectively.
- Manage the organization’s third-party risk management (TPRM) program, including vendor risk assessments, contract reviews, and ongoing monitoring.
- Foster a risk-aware culture within the organization by raising awareness of IT risks and security best practices.
- Provide training and guidance on risk management best practices to IT staff and other stakeholders.
- Continuously improve risk management processes to adapt to evolving threats and business needs.
- Stay up-to-date on the latest IT security threats, vulnerabilities, and risk management techniques.
Qualifications
Knowledge and Experience
- Bachelor’s or Master’s degree in Information Technology, Computer Science, or a related field.
- Hold relevant industry certifications (e.g., CISM, CRISC, CGEIT, ISO 31000, Certified in Quantitative Risk Management (CQRM)).
- Minimum 6 years of experience in Information Technology with at least 3 years of proven experience in developing and implementing IT risk management frameworks and strategies.
- Deep understanding of IT risk assessment methodologies (e.g., NIST, COBIT, FAIR) and regulatory compliance frameworks (e.g., GDPR, PCI DSS).
- Experience with quantitative risk analysis techniques is an added advantage.
Key Critical Competencies & Skills
- Excellent at preparing reports, dashboards and documentation.
- Strong knowledge of risk management principles and practices.
- Strong analytical and problem-solving skills.
- Excellent communication, interpersonal, and presentation skills.
- Ability to work effectively with cross-functional teams.
- Proficiency in analysis and presentation skills using MS Excel, MS Word and MS PowerPoint.