Master information

Senior Manager for Technology and Cyber Risk

Position: Not specified

Start: As soon as possible

End: Not specified

Location: Longueuil, Canada

Method of collaboration: Project only

Hourly rate: Not specified

Latest update: Sep 24, 2024

Task description and requirements

Our client is looking to hire a talented and experienced Senior Manager to manage the global Technology & Cyber Risk Management process. This critical role is pivotal in building relationships and coordinating efforts to manage technology-related risks. The ideal candidate should possess strong analytical skills and the ability to work effectively within a diverse, global environment.
Key Responsibilities:
  • Implement and maintain a comprehensive IT risk management practice across the global IT organization. This includes identifying potential IT risks, evaluating their impact, formulating mitigation strategies, and tracking their progress.
  • Regularly review and monitor the IT risk management process to ensure its effectiveness and alignment with the organization's risk appetite and business objectives.
  • Establish communication and reporting mechanisms to ensure IT and business leadership are aware of IT risks. Analyze and process risk data to identify patterns and trends.
  • Collaborate with the Executive Risk Management team on the evaluation and reporting of relevant IT risks as part of the overall ERM process.
  • Lead a team of risk analysts and foster a collaborative environment focused on managing cyber and technology risks.
  • Deliver risk management training to the IT community and cultivate a risk-aware culture within the organization.
  • Manage and oversee the evolution of the Integrated Risk Management (IRM) platform (ServiceNow IRM), including entities, risk statements, and controls.
  • Serve as a subject matter expert in IT risk and mitigation, empowering stakeholders to take ownership of IT risks and encouraging the reporting of potential risks.
  • Work closely with all levels of IT leadership and business stakeholders to ensure a clear understanding of issues and risks, enabling informed decision-making.
Leadership & People Management:
  • Display leadership and independence in the execution of responsibilities.
  • Maintain a high level of personal integrity and discretion, especially when handling confidential matters.
  • Build and maintain strong working relationships with team members, business partners, and stakeholders across different departments.
  • Exhibit critical thinking and problem-solving skills, with the ability to rapidly understand complex business, technology, and risk management concepts.
  • Exercise sound judgment when navigating situations where policies may not be well-defined.
  • Demonstrate strong communication and interpersonal skills, with the ability to engage with business and IT professionals at various levels.
  • Accommodate international conference calls across different time zones when necessary.
Requirements:
  • 8+ years of senior-level experience in Information Security or IT Audit, with at least 2 years in Risk Management.
  • Bachelor's degree in Information Technology, Computer Science, Engineering, or a related field.
  • Experience in large/global enterprise IT environments.
  • Working knowledge of enterprise IT security concerns and technologies (e.g., VPNs, network security, encryption, firewalls, LAN/WAN, TCP/IP).
  • Familiarity with IT governance frameworks such as NIST and ISO 2700x.
  • Experience in risk management, including risk analysis, mitigation, and monitoring.
  • Knowledge of information security regulations.
  • Excellent interpersonal and communication skills.
  • Ability to work with minimal supervision and take initiative in problem-solving.
  • Strong organizational and project management skills.
  • Proficiency in analytical and diagnostic problem-solving.
  • Experience with compliance and understanding of information security requirements.
  • Willingness to occasionally work outside of standard business hours.
Preferred:
  • Familiarity with the ServiceNow Integrated Risk Management (IRM) platform.
  • Professional certifications in one or more of the following disciplines: IT governance (CGEIT), security (CISSP, CISM), internal audit (CISA), or Payment Card Industry (PCI) compliance.

Category

Management