IT Security, Risk and Compliance - Global IT Risk Manager (PCK333-255932) Jersey City, New Jersey

The Global IT Risk Manager could be located in Jersey City, NJ or Houston, TX.

- Provide global coverage of the firm’s IT risk and control environment, partnering with senior-level business and corporate function representatives
- Provide advisory support to corporate/business units on the evaluation of IT risks, development of risk responses, and work with stakeholders to agree actions and implement process enhancements
- Work closely with business and corporate function IT risk officers to provide subject matter expertise on the firm’s structured IT risk assessment activities, including RCSAs, Top-Down Risk Assessments (TDRAs), Application Risk Assessments, SSAs, SAQs and SRAs
- Facilitate the development and reporting of enterprise-wide and business-unit KRIs for IT.
- Prepare IT risk reporting for senior IT management and firm-wide risk functions including Operational Risk Management (ORM)
- Facilitate enhancements to the IT process, risk and control library. Work with ORM teams on deployment of library enhancements into the firm’s GRC tools
- Work with program managers to ensure that key technology risks have been addressed prior to deploying new, or significantly modified, systems into production
- Identify and perform cause-and-effect assessments on specific IT risks as required by corporate and/or business unit priorities.
- Analyze and provide recommendations to streamline existing IT control processes which will result in reduced costs and process efficiencies
- Deliver and maintain IT risk training to the business and corporate function IT risk representatives
- Maintain and enhance the library of enterprise IT risk guidance, supporting tools and materials.
- Lead various enterprise IT risk program initiatives as required to support department and firm-level strategic goals
- Ensure IT risk representation and coordination with other enterprise risk and control functions and programs including ORM, IAD, Legal and Regulatory Compliance, Vendor Governance, IT security and ADM
- Ensure that corporate and regulatory system standards are met and that adequate controls and technical processes are in place
- Assist with the development of AIG IT Risk industry updates and IT Risk awareness campaigns. Perform regular reviews of industry and IT risk forums.
- Assist with the identification and assessment of emerging IT risks, and comparison of the firm’s IT risk capabilities to industry standards
- Keep abreast of the latest IT security, regulatory and compliance trends to support, compare and contrast analyses across various risk models, pinpointing differences in impact across

- 10+ years of experience in IT risk management preferred
- Bachelor's degree. Master's degree preferred in business and information systems or equivalent. IT risk certification preferred, e.g. CRISC or similar
- Independent thinker, adaptable with strong problem-solving skills and ability to make decisions
- Prior experience with structured IT risk assessment processes, including RCSA, program and application risk assessments, top-down risk assessments, scenario-based risk assessments
- Sound knowledge of a broad range of IT related processes and concepts
- Prior experience developing and reporting enterprise-wide IT key-risk indicators
- Prior experience with GRC tools, e.g. OpenPages and/or Archer preferred
- Excellent oral and written communication skills and ability to interact with senior risk, compliance and IT professionals across the firm
