Review and assess risk management policies and protocols; make recommendations and implement modifications and improvements.
Engage with internal stakeholders for holistic response management on identified vulnerabilities and remediation efforts.
Analyze security issues, determine cause and impact, and suggest corrective actions to eliminate and prevent recurrence.
Develop, track, and report on Key Risk Indicators (KRIs) for information technology.
Monitor, track, and report mitigation and resolution of IT risks.
Verify that IT risks are appropriately mitigated and lead multiple stakeholders to agreement on appropriate solutions/controls.
Analyze risks, including identifying, describing, and estimating risks affecting the business.
Conduct deep dives on IT security-related processes and systems.
Ensure effective execution of the risk management framework by managing relationships with key stakeholders within strategic business groups and technology.
Advise leadership on technology initiatives that support the latest trends in IT security, risk, and controls.
Provide expertise for resolution and risk mitigation.
Perform process-level walkthroughs, control testing, and risk assessments to identify current and future security vulnerabilities.
Collaborate with IT Service teams to determine reporting and metrics needs; share and present reporting and metrics to Cybersecurity and IT Leadership.
Identify and recommend appropriate measures to manage and remediate vulnerabilities, reducing potential impacts on information resources to a level acceptable to senior management.
Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner and within cloud solutions.
Understand business requirements and work with teams to define appropriate security solutions while meeting business needs.
Champion vulnerability management and information security, broadening awareness and use of the team’s services, educating on security best practices, and integrating with other business areas.
Identify potential regulatory and non-regulatory risks through thorough and ongoing risk assessments with relevant business leads.
Guide stakeholders through remediation and provide technical support.