IT Risk Mgmt

**Our vision is to transform how the world uses information to enrich life for all.**

Join an inclusive team passionate about one thing: using their expertise in the relentless pursuit of innovation for customers and partners. The solutions we build help make everything from virtual reality experiences to breakthroughs in neural networks possible. We do it all while committing to integrity, sustainability, and giving back to our communities. Because doing so can fuel the very innovation we are pursuing.

JR22722 IT Risk Mgmt

Job Description - GRC/IT-DR Manager, GSO

The GRC and IT-DR Manager will be accountable for establishing and leading Cyber Risk Management function. This individual will be accountable for the organization’s governance of cybersecurity risk domains by developing and implementing executive-level processes responsible for overseeing and managing cybersecurity risk. As part of the second line of defense, you will collaborate closely with leaders in Cyber, Technology, the Lines of Business, and other risk management offices to lead and oversee evaluations of the firm’s cybersecurity strategy and priorities and offer independent advice and recommendations regarding ways to further mature the firm’s cyber and risk management posture and cyber risk policies. In addition, you will lead the identification and analysis of new or emerging cybersecurity and technology risks to the enterprise as related to your accountable domain(s). Further, as a technology leader you will need to be a strong communicator, who can not only create materials, but can also deliver them to all levels of the organization.

**Essential Functions**:

- Develop and implement processes to provide independent oversight and effective challenge of the firm’s cybersecurity priorities.
- Ensure effective governance by identifying, framing, and presenting risk topics to be discussed by senior management in enterprise cyber risk forums.
- Draft agendas, manage action items, and coordinate with stakeholders to develop a robust understanding of the risk posture as related to accountable cyber security domain(s).
- Advise and consult on the development and management of new cybersecurity policies, standards, and procedures.
- Stay current on emerging cyber threats and potential implications to the firm as related to accountable cyber security domain(s).
- Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve strategic objectives.
- Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups
- Provide ownership of several key GRC operational activities.

**Responsibilities**
- Hire, and develop GRC resources to manage the operational duties of the GRC.
- Develop, document, and maintain risk governance, such as committees, charters, minutes, and Key Risk Indicators.
- Implement and manage the issues log, detail risks and weaknesses identified by any line of defense, including regulators, and monitor toward timely resolution.
- Facilitate the definition of appetite and guidelines with the applicable risk owners.
- Facilitate the collection of risk data from applicable risk owners.
- Develop and execute the enterprise risk assessment, ensuring coordination with other risk assessments
- Develop report templates, mechanisms, and other supporting documents and templates across the risk domains.
- Develop and provide risk rating framework for management
- Perform a training and awareness needs assessment; develop and implement applicable training ensuring coordination with other required training.
- Design, develop, implement, and maintain the Risk Management program.
- Act as liaison for those in diverse risk roles across the organization, ensuring strong communication and training; build rapport and confidence with risk managers so information is freely shared and the various teams move toward standardized and candid reporting of risks and issues, and resolutions.
- Serve as a risk advisor on critical projects and initiatives
- Design and execute comprehensive audit programs and controls to address the identified risks.
- Lead site visits in an international (APAC) environment to ensure timely conclusion during fieldwork
- Manage multiple stakeholders in complex environments.
- Lead meetings with clients and articulate to non-IT personnel the team’s conclusions and recommended improvements.
- Collaborate with external auditors to ensure effective and efficient audit procedures.
- Assists the audit engagement product owner in determining audit program customization requirements and respective program steps.
- Collaborate with Legal, Business Unit, Area Business Organization, and IT leadership to develop assessment criteria to reduce risk and development of risk mitigation approaches

**Qualifications**:

- Minimum 15 years of experience managing, consulting, auditing, or working in the fields of inform