Information Security Risk Manager

JobTitle: Information Security Risk Manager (Risk Advisor)

Job Type: Full-Time/Contract - 2 years (renewable)

Location: Trinidad and Tobago/Fully Remote

RoleSummary:

Provide Information Security & Technology Risk Management consulting services to Project teams based on Risk Management processes and procedures. Participate in Project meetings, Security Reviews, Walkthroughs, and Risk Assessments.

Key Responsibilities:

• Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape

• Assess applications, infrastructure, business units, business processes and external suppliers for information security risks, identifying the potential threats and exposures

• Examine and interpret requirements documents, architecture diagrams, solution designs and other written and verbal information to determine if a project, application, infrastructure or external supplier presents security risk to premium bank.

• Work with third party teams and internal development groups to interpret and review results from penetration tests on internet-facing applications as needed.

• Work with the required teams to ensure that code scans are completed for all new or modified code deployments

• Track to completion, issues raised during the risk management reviews (TRA / ISA / PEN test / CIRA, Code scans/PIRT). Ensure as necessary the logging of identified issues as deficiencies, if mitigation will not be possible prior to project implementation and the associated risk is within the Banks risk appetite.

• Collaboration with relevant teams will be required.

• Provide Information Security risk consulting services to projects; to ensure all information security policies, standards and processes are embedded in the designed and delivered solutions.

• Any other related requests from Senior Management

• In consultation with the senior manager, develops a risk-based schedule for business as usual (BAU) baseline risk assessments; collaborating with respective technology and business owners to mitigate any significant issues identified.

• As requested by senior manager, reviews all contract and third-party arrangements to ensure that information security policies are adhered to, and that sufficient security protection will be afforded to information assets.

Originally posted on Himalayas