Engineering Graduate (Mechanical / Electrical) with at least 9 years of relevant experience.
Or
BCS or equivalent with at least 10 years of relevant experience.
Candidate must have at least 4 years of relevant experience as a Functional / Team Lead.
Registration with PEC is mandatory for Engineers.
Preferred certifications: CISA, CRISC, CISSP, etc.
Training in ISO 31000 on risk management will be a plus.
Job Summary
The purpose of this position is to ensure implementation of the risk management framework at SSGC’s IT and Operational/Technical departments.
Job Responsibilities
- Establishes and communicates the organization's Enterprise Risk Management (ERM) Framework, objectives and direction, and provides guidance to achieve the ERM maturity model developed by the company.
- Implements the ERM Framework and risk culture, and recommends risk management policies, risk appetite and risk limits to Executive Management.
- Designs, communicates and facilitates the use of appropriate Enterprise Risk Management methodologies, tools and techniques across the organization.
- Controls enterprise-wide risk assessments and monitors priority risks across the organization.
- Leads the development and implementation of the system-wide risk management function of the information security program, to ensure information security risks are identified and monitored.
- Must have knowledge and experience of implementing Information Security Management Systems based on ISO 2700X.
- Advances the design, delivery and performance of IT risk metrics and reports, including the Business Impact Assessment, the IT Risk Management Framework, and the management of configurations and standards.
- Assesses, evaluates and makes recommendations to management regarding the adequacy of security controls and the risks involved for the organization's information and technology systems.
- Leads the system-wide information security compliance program, ensuring IT activities, processes and procedures meet defined requirements, policies and regulations.
- Leads enterprise, network, application and cloud infrastructure risk assessments while maintaining process and procedural documentation.
- Coordinates and tracks all operational, IT risk, information technology and security related assessments, including scope of assessment, parties involved, timelines and outcomes.
- Provides insight and guidance to IT processes and projects to ensure best practices and security standards are maintained.
- Operates with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
- Excellent knowledge and experience of information security, audit, risk management, compliance or risk consulting.
- Arranges and conducts risk workshops for confirmation of the risk registers and for identifying risks and their mitigation controls.
- Provides guidance, coordination and subject matter expertise to business functions to ensure implementation of the agreed risk management strategy.
- Works with all functional groups to establish, maintain and continuously improve risk management capabilities.
- Manages relationships with external consultants and supervises work programs.
- Plans risk management awareness amongst SSGC IT and Operation / Technical departments regarding the need and importance of this exercise, as well as correct implementation of the program through guided training sessions and/or e-learning modules.
- Guides the IT function to undertake a thorough information systems risk assessment in order to obtain an understanding of the risks to the availability, integrity and confidentiality of data and systems.
- Ensures that such risk assessment encompasses all systems, including hardware, software, data, networks and any business processes, to identify threats, vulnerabilities, probabilities of occurrence and potential impact.
- Ensures close coordination with individual technical or operational departments in proper articulation of key risks and determination of the severity of impact as well as the probability of occurrence, using both a top-down and a bottom-up approach.
- Develops a common set of assessment criteria that can be used across operating departments and determines how much risk the organization faces.
- Identifies and analyzes risks and risk indicators pertaining to loss of critical systems, key suppliers, key employees, etc., and feeds them into the risk management program along with the corresponding business continuity decisions.
- Helps the departments categorize risks according to pre-defined criteria into categories such as "critical" and "catastrophic", based on level of severity and likelihood of occurrence (e.g. almost certain, likely, possible).
- Assesses key risk areas including operations risk, compliance risk, legal risk, liquidity risk, etc., and provides feedback to departmental heads on steps needed to mitigate these risks.