Senior IT Risk Advisor responsible for establishing and implementing an IT Risk program- 2022-630V-016

Duration: 1 year to start

Hours: 7 hours per day / 35 hours per week, 1hour unpaid lunch

Location: Hybrid (Brampton)

Start Date: July 10th, 2024

Scope: The IT Risk Advisor will support the IT divisional leadership team and be responsible for establishing the IT Risk program. This role will facilitate dialogues, analyze requirements, and document various artifacts to execute risk identification; risk measurement and assessment; risk mitigation; risk reporting and monitoring; and risk governance in accordance with industry best practices (ITIL, COBIT, ITIL, NIST, etc.). This role will also support the completion of existing risk management action plans.

Responsibilities:

• Develop an IT Risk governance structure.
• Develop procedures and policies to support the IT risk function.
• Facilitate dialogues to identify and mitigate IT risks.
• Work closely with IT Management, IT staff and stakeholders to understand their objectives business context and priorities, and the associated assumptions and constraints.
• Complete research to inform the IT risk management artifacts.
• Identify any shortcomings, problems, and limitations in executing risk mitigation plans.
• Develop a risk measurement plan.
• Develop and complete training for IT risk management artifacts

Must Haves:

• Minimum 5 years professional experience working in a senior IT Risk Management role- developing and implementing risk management artifacts.
• Cyber-security and privacy defense protection methods.
• Highly proficient in Microsoft Office, including Teams, SharePoint, Visio, PowerPoint, and Excel.

Mandatory Certifications:

• CRISC (Certified in Risk and Information Systems Control)

Nice to Have Certifications:

• CISSP (Certified Information Professional)
• CISM (Certified Information Security Manager)
• COBIT (Control Objectives for Information and Related Technologies)

Education:

• Undergraduate degree in business management, finance, risk management, information management systems or a related field.