Lead Manager – IT and Operational Risks

Engineering Graduate (Mechanical / Electrical) with at least 9 years of relevant experience.

Or

BCS or equivalent with at least 10 years of relevant experience. Candidate must have at least 04 years of relevant experience as a Functional / Team Lead. Registration with PEC is mandatory for Engineers. Preferred Certifications in CISA, CRISC, CISSP, etc. Training in ISO 31000 on risk management will be a plus.

Responsibilities:

JOB SUMMARY

The purpose of this position is to ensure implementation of the risk management framework at SSGC's IT and Operational/Technical departments.

JOB RESPONSIBILITIES

1. Establishes and communicates the organization's Enterprise Risk Management Framework, objectives and direction and provide guidance to achieve the ERM maturity model developed by the company.
2. Implements ERM Framework, Risk Culture and recommends risk management policies, risk appetite and risk limits to Executive Management.
3. Designs, communicates and facilitates the use of appropriate Enterprise Risk Management methodologies, tools and techniques across the organization.
4. Controls enterprise-wide risk assessments and monitors priority risks across the organization.
5. Lead the development / implementation of system-wide risk management function of the information security program to ensure information security risks are identified & monitored.
6. Must have knowledge and experience of implementation of Information Security Management Systems based on ISO 2700X.
7. Advance the design, delivery, and performance of IT risk metrics and reports including the Business Impact Assessment, IT Risk Management Framework, and the management of configurations and standards.
8. Assess, evaluate and make recommendations to management regarding the adequacy of the security controls, risks involved for the organization's information and technology systems.
9. Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures to meet defined requirements, policies and regulations.
10. Lead enterprise, network, application, and cloud infrastructure risk assessments while maintaining process and procedural documentation.
11. Coordinate and track all Operational, IT Risks, information technology and security related assessments including scope of assessment, parties involved, timelines, and outcomes.
12. Provides insight and guidance to IT processes and projects to ensure best practices and security standards are maintained.
13. Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
14. Excellent knowledge and experience of information security, audit, risk management, compliance or risk consulting experience.
15. Arranges and conducts Risk Workshops for confirmation of the Risk Registers and for identifying risks and mitigation controls of Risks.
16. Provides guidance, coordination and subject matter expertise to business functions to ensure the implementation of the agreed risk management strategy.
17. Works with all functional groups to establish, maintain and continuously improve risk management capabilities.
18. Manage relationships with external consultants and supervise work programs.
19. Plan the risk management related awareness amongst SSGC IT and Operation / Technical departments regarding the need and importance of this exercise as well as correct implementation of the program through guided training sessions and/or e-learning modules.
20. Guide the IT function to undertake a thorough information systems risk assessment in order to obtain an understanding of the risks to the availability, integrity and confidentiality of data and systems.
21. Ensure that such risk assessment encompasses all systems, including hardware, software, data, networks and any business processes to identify threats, vulnerabilities, probabilities of occurrence and potential impact.
22. Ensure close coordination with individual technical or operational departments in proper articulation of key risks and determination of the severity of impact as well as probability of its occurrence, using a top-down as well as a bottom-up approach.
23. Develop a common set of assessment criteria that can be used across operating departments and determine how much risk the organization faces.
24. Identify and analyze risks and risk indicators pertaining to loss of critical systems, key suppliers, key employees etc.
25. Help the departments in categorization of the risks according to a pre-defined criterion into categories including "critical", "catastrophic" etc. based on level of severity and likelihood of happening (e.g. almost certain, likely, possible).
26. Assess key risk areas including operations risk, compliance risk, legal risk, liquidity risk etc. and provide feedback to departmental heads on steps needed to mitigate these risks.