The IT Risk Advisor is responsible for supporting the execution of the ERM framework's top-down and strategic risk components to facilitate business and enterprise-wide risk awareness and reporting in Information Technology.
Duties and Responsibilities
- Demonstrates technical expertise for complex or unique business activities in Information Technology (IT) and serves as a trusted advisor to interface with technology leaders throughout the division.
- Applies experience, technical knowledge, analytical insight, and judgment to evaluate risk for IT.
- Manages and executes the risk assessments at all levels of complexity. Utilizes the risk management framework to identify and evaluate risks, exposure, and controls relating to IT business processes and service/project initiatives.
- Establishes and maintains relationships with mid- to senior-level management within IT.
- Supervises staff assigned to risk assessments assuring efficient and effective completion of risk assessments.
- Communicates progress of the assessment work and concerns that arise throughout the assessment process to Enterprise Risk Management and IT leadership. Keeps management informed by communicating progress, issues, concerns, and opportunities.
- Establishes and maintains relationships with service providers that can provide specific technical knowledge to support risk assessment activities. Manages service provider activities including monitoring of work and ensuring quality of deliverables and accuracy of billings.
- Prepares and presents risk assessment reports to risk leadership and assists with presenting the reports to IT management. Highlights relevant findings, trends, risks and exposures for IT leadership. Assists risk leadership with compiling an overall view of risk for IT by creating and maintaining risk exposure reports for the division.
- Reviews and ensures the accuracy of the analytical findings entered into SENTINEL by others within the division. Provides guidance and motivation as needed to less experienced team members.
- Works with the Core Enterprise Risk Management Team to stay current with the risk management framework and maintains current knowledge of advances in the field of risk management. Shares knowledge and champions the implementation of risk management best practices with the team. Identifies opportunities to improve the risk management plan. Presents recommendations to manager/department head and implements solutions.
- Participates in special projects and performs other duties as assigned.
- Bachelor's degree is required with emphasis in IT, finance or accounting, related certification or equivalent combination of training and experience.
- A minimum of 5+ years general business experience, with progressively responsible operations management, compliance, risk management or auditing experience from which knowledge of internal control and risk management was obtained, preferred.
- Technical expertise in assigned business activities for Information Technology.
- Advanced knowledge of one or more IT platforms: i.e. Client Server, OS/390, CICS, MQ Series, Microsoft Windows NT, LDAP, Netscape Application Server, UNIX, DB2, or Sybase.
- An in-depth understanding of complex business activities unique to a specific industry.
- Excellent relationship management, communication, and analytical skills required.
- Familiarity with risk management theory and experience in applying risk management concepts.
- Demonstrated project management experience including large-scale projects and programs.
- The ability to complete a ‘to be determined’ risk management certification.
- 2 positions are available. One position will be aligned to support GSO, the other to support CTO.
***Vanguard is not offering visa sponsorship for this position***