Job Description
The Risk Portfolio Manager will be a key member of a dedicated technology risk management group. They will work closely with an assigned IT functional area, region, or line of business to monitor the company's overall technology risk exposures. They will partner with Information Security, IT Compliance and other analysts to identify and assess technology risks. The Risk Portfolio Manager will interface with senior executives in their assigned area to drive risk treatment decisions, ensure technology risk is addressed in IT strategic planning, and be a trusted advisor for their business partners. This position is expected to drive the management of technology risk, and will be accountable for reducing risk in their areas. The successful Risk Portfolio Manager will possess extremely strong communication skills, as well as subject matter expertise in Information Security, IT Compliance, and other technology risk areas.
Essential Duties and Responsibilities
- Serve as an advisor to the business by ensuring an ongoing awareness of the risks associated with their technology portfolio
- Provide guidance related to the assignment and understanding of risk factors related to the use of technology in a given IT functional area or line of business
- Drive management of technology risk in your area, including ensuring proper evidence is gathered, and timely closure of remediation plans is achieved
- Collaborate with key stakeholders to obtain consensus on a roadmap to jointly mitigate security risks
- Facilitate the frequency and depth of assessment processes based on the Risk Classification level assigned to the technology portfolio
- Establish, enforce and manage future assessment criteria for technology based on information risk, business criticality & compliance requirements
- Facilitate ongoing security assessment activities to validate appropriate aspects of the control environment exist
- Gather evidence of technical and operational controls
- Document and communicate control deficiencies identified
Qualifications
- 10-15 years working within Information Technology, with the majority/focus in Information Security, IT Compliance, or IT Audit fields
- 3-5 years of experience focused on Risk Management disciplines
- Excellent verbal and written communication skills enabling candidate to prepare and present recommendations to senior management
- Strong understanding of risk management concepts and concerns, including probability management and quantified risk analysis
- Strong process orientation and understanding of technology and/or healthcare services, enabling candidate to provide support in the analysis, development and monitoring of controls
- Experience with industry-leading GRC technologies (Archer, OpenPages, etc.)
Preferred Qualifications
- Significant knowledge of information technology processes and controls and a deep understanding of risk and control frameworks (ISO, UCF, NIST, COBIT, ITIL, HIPAA, PCI, etc.)
- Experience with risk metrics aggregation, collection, and presentation
- CISA, CISM, CISSP, CRISC certifications a plus
- BA/BS, preferably in Technology, or related field of study required and MS is preferred
External hires must pass a background check/drug screen.
We are proud to be an equal opportunity/affirmative action employer.



















