Lead Manager – IT and Operational Risks

Engineering Graduate (Mechanical / Electrical) with at least 9 years of relevant experience.

Or

BCS or equivalent with at least 10 years of relevant experience. Candidate must have at least 4 years of relevant experience as a Functional / Team Lead. Registration with PEC is mandatory for Engineers. Preferred Certifications: CISA, CRISC, CISSP, etc. Training in ISO 31000 on risk management will be a plus.

• Engineering Graduate (Mechanical / Electrical) with at least 9 years of relevant experience, or BCS or equivalent with at least 10 years of relevant experience.
• At least 4 years of relevant experience as a Functional / Team Lead.
• Registration with PEC is mandatory for Engineers.
• Preferred Certifications: CISA, CRISC, CISSP, etc.
• Training in ISO 31000 on risk management is a plus.

JOB SUMMARY

The purpose of this position is to ensure implementation of the risk management framework at SSGC's IT and Operational/Technical departments.

JOB RESPONSIBILITIES

• Establishes and communicates the organization's Enterprise Risk Management Framework, objectives and direction and provide guidance to achieve the ERM maturity model developed by the company.
• Implements ERM Framework, Risk Culture and Recommends risk management policies, risk appetite and risk limits to Executive Management.
• Designs, communicates and facilitates the use of appropriate Enterprise Risk Management methodologies, tools and techniques across the organization.
• Controls enterprise-wide risk assessments and monitors priority risks across the organization.
• Lead the development / implementation of system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Must have knowledge and experience of implementation of Information Security Management Systems based on ISO 2700X.
• Advance the design, delivery, and performance of IT risk metrics and reports including the Business Impact Assessment, IT Risk Management Framework, and the management of configurations and standards.
• Assess, evaluate and make recommendations to management regarding the adequacy of the security controls, risks involved for the organization's information and technology systems.
• Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures to meet defined requirements, policies and regulations.
• Lead enterprise, network, application, and cloud infrastructure risk assessments while maintaining process and procedural documentation.
• Coordinate and track all Operational, IT Risks, information technology and security related assessments including scope of assessment, parties involved, timelines, and outcomes.
• Provides insight and guidance to IT processes and projects to ensure best practices and security standards are maintained.
• Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
• Excellent knowledge and experience of information security, audit, risk management, compliance or risk consulting experience.
• Arranges and conducts Risk Workshops for confirmation of the Risk Registers and for identifying risks and mitigation controls of Risks.
• Provides guidance, coordination and subject matter expertise to business functions to ensure the implementation of the agreed risk management strategy.
• Works with all functional groups to establish, maintains and continuously improve risk management capabilities.
• Manage relationships with external consultants and supervise work programs.
• Plan the risk management related awareness amongst SSGC IT and Operation / Technical departments regarding the need and importance of this exercise as well as correct implementation of the program through guided training sessions and/or e-learning modules.
• Guide the IT function to undertake a thorough information systems risk assessment in order to obtain an understanding of the risks to the availability, integrity and confidentiality of data and systems.
• Ensure that such risk assessment encompasses all systems, including hardware, software, data, networks and any business processes to identify threats, vulnerabilities, probabilities of occurrence and potential impact.
• Ensure close coordination with individual technical or operational departments in proper articulation of key risks and determination of the severity of impact as well as probability of its occurrence, using a top-down as well as a bottom-up approach.
• Develop a common set of assessment criteria that can be used across operating departments and determine how much risk the organization faces.
• Identify and analyze risks and risk indicators pertaining to loss of critical systems, key suppliers, key employees etc.