IT Risk Manager

Solve IT Strategies is looking for a IT Risk Manager.This role is a remote  BUT

1. Preferred: Tri-State – visits to Times Square once-twice/month – non-reimbursed
2. Acceptable: East Coast/Midwest – travel to HQ in Florida once-twice/month – reimbursed

The Main Responsibilities are:

• Control Catalog - Strategic threat informed and linked control catalog structure
• Assessments
• Application Assessment Program – quantify inherent risk of an applications and the required set of controls that must be implemented and the residual risk for those controls.
• Infrastructure Assessment Program - Infrastructure includes networking devices, operating systems, storage infra, desktops, databases – assess conformance and control effectiveness of the risks and controls related to them.
• Regulatory Driven Assessments (Financial – SOX/CCAR, Payment Card – PCI, Cyber/Privacy – GLBA, FSP, GDPR)
• Developer Control lifecycle – the control requirements in the development ecosystem
• Assessment includes steps –
• Identify processes relevant for the org structure (what we do)
• Identify operational risks and assess how material those risks are
• Evaluate the effectiveness of controls to mitigate those risks
• Identify key metrics / thresholds to monitor controls / risks
• Monitor and report key deficiencies (Issues, Aps) related to technology
• Metrics / Monitoring / Reporting
• Technology Operational Risk Metrics – to support the management of operational risk
• Support reporting to firmwide tech, LOB tech risk / control committees
• Use of Industry frameworks – NIST, CPMI-IOSCO, FSP (financial sector profile as framework