
Andy Post: recruiter@ptsgroup.com

IT Risk Manager/Information Security Officer

We are seeking an IT Risk Manager and Information Security Officer who will be responsible for promoting IT risk management and information security risk management-related activities that manage the firm's compliance with the IT risk management and information security policies.

MANAGEMENT/SUPERVISION
Will supervise junior staff members.

JOB FUNCTIONS/DUTIES AND RESPONSIBILITIES
1. Maintains and enforces the System risk management and Information security risk management framework/methodology.
2. Documents and maintains the System Risk governance methodology, the System risk management policies and the Information Security Policy and Standards.
3. Improves and promotes the System risk-related and Information security-related activities.
4. Organizes, conducts and performs the Bank's system risk and information security risk assessment and gap analysis process.
5. Organizes and performs the System risk assessment and gap analysis for all technologies, products and functions introduced to the Bank.
6. Establishes, reviews and verifies the System risk and information security risk related policies, standards, and procedures documentation.
7. Documents and confirms compliance with the information security requirement for System Development Life Cycle.
8. Monitors compliance with the Security Standards, Policy and Architecture.
9. Cooperates with the performance of annual mandatory information security awareness seminars to alert the Bank's employees to information security and best practices.
10. Prepares and/or coordinates Monthly/Quarterly Operational Risk Meeting.

RISK MANAGEMENT
1. General Risk Management Responsibilities: Has good knowledge of applicable risk management practices required to create a culture of risk management compliance for his or her group or department. Identifies, assesses, and monitors applicable risks based on the Bank's risk management policies and procedures. Reviews work of subordinates for risk management purposes, if applicable. Exhibits best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes. Specific types of risks applicable to the job function such as credit risk, market risk, liquidity risk, operational risk, legal/compliance risk, reputational risk and information security risk shall be discussed with the manager and senior manager of the area.

REQUIREMENTS
1. Bachelor's degree or equivalent in Business, Economics, Finance, Law, I.T., Marketing, Accounting or equivalent. MBA preferred.
2. More than ten years' experience in the IT risk management and/or IT Audit related activities of the financial industry. CISSP accreditation preferred.
