Reference #: 19-02206
Title: Information Security & Risk Management Analyst
Location: Cambridge, MA
Experience Level:
Start Date / End Date: 09/16/2019 / 09/19/2020
The Information Security & Risk Management (IS&RM) manager is responsible for providing leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor NIBR's operational and strategic risks. The IS&RM manager is functionally responsible for ensuring that NIBR's Information Security and Risk Management program is aligned and compliant with the corporate (Group) IGM strategy, the IGM policy framework, laws and regulations, and best in class industry standards. The IS&RM manager helps to ensure the alignment and execution of the *** IGM strategy and road map through the execution of the *** IGM Policy Framework within the NIBR environment. The IS&RM manager ensures that tools, practices, and processes are in place to analyze, report, and manage risks within the NIBR environment and that NIBR's risk management position and strategies are in compliance with applicable regulations and strategic imperatives of the organization. Provides governance of operational risk management activities of the organization. Monitors and analyzes risks within the NIBR environment and reports on these risks to the Head of NIBR IS&RM and NX Senior Leadership Team (SLT). Provides key inputs and collaboration with various risk/compliance departments (i.e., Quality Management, Data Integrity, Ethics & Compliance, Cyber Security, Privacy/Legal, Records Mgmt., etc.).
Systematically supports the implementation and monitoring of the *** IGM Policy Framework to ensure that the integrity, confidentiality and availability of information owned, controlled, and/or processed by the NIBR Organization is assured.
Assists in the formulation and creation of documents and maintains the overall IS&RM strategy for the NIBR Organization following the defined Governance Structure.
Assumes responsibility for managing budgeting, accounting and charging requirements.
Ensures the continued provision and development of skilled and capable people to support IS&RM.
For IS&RM owned Processes:
Actively participates in the sponsorship, design and management of IS&RM process and metrics to ensure a robust and effective organization.
Validates that all the activities necessary to design, develop, deploy, operate and retire IT services satisfy IGM requirements.
Assumes responsibility for the optimal design, delivery and deployment of processes, practices and other activities to ensure security of information throughout its lifecycle.
Responsible for managing information risks (threats, vulnerabilities, and impact). This includes assessing threats and vulnerabilities of information (and information systems) and evaluating how vulnerable information is to threats.
5 years of working experience, 5 of those years with Information Security management and/or Quality Management and/or Risk Management
Demonstrated leadership skills: >5 years experience in mid-level management positions in a matrix organization
Experienced IT manager or Corporate Information (or IT) Security Officer with broad and in-depth technical, analytical, and conceptual skills as well as mature risk management and governance experience
Experience in reporting to and communicating with senior management (with and without IT background, with and without in depth risk management background) on information risk topics
Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences, and to audiences with a risk management profile as well as those with a less outspoken risk management profile.
* University working and thinking level,
* Degree in business/technical/scientific area or comparable education/experience
* Professional information security certification, such as CISSP,