S&P Global is seeking an experienced and talented Technology Risk leader to join the corporate team. Besides deep technical knowledge and expertise, the successful candidate will have exceptional communication, presentation and interpersonal skills, the ability to influence key stakeholders and a strong C-suite/Boardroom presence.
This position reports directly to the Head of Corporate Risk Management and is based in the company's corporate headquarters at 55 Water Street, New York, NY. The position does not include responsibilities for information security or cyber risk.
Develop and operationalize an IT risk assessment framework
Partner with leaders in technology teams and business partners to mitigate technology risks (excl. information security)
Key Accountability and Decision Rights:
Define and agree the technology risk taxonomy and assessment framework with other risk leaders across regulated and unregulated entities of S&P Global
Perform technology risk assessments for corporate IT infrastructure and business applications. Follow best-practice assessment methodology, but know when and how to adapt
Identify, assess, mitigate, and monitor enterprise risks for technology. Follow through to ensure migration plans are in place and effective (course correct if needed)
Provide oversight, independent challenge and reporting to ensure the current and planned technology environment is operating as intended
Work with senior managers across the organization to help define risk appetite, risk tolerance and other critical risk measures for technology risk at S&P Global
Provide independent assessment of existing risks and identify new or emerging risks. Maintain an active list of external and self-identified issues with action plans for issue closure
Stay abreast of industry related events and enhancements to understand how they can help mitigate potential risks to the company
Strong experience in developing and implementing IT risk assessment frameworks and process mapping (Six Sigma, Lean approach). Requires in-depth understanding of technology; understanding the business would be a plus
Ability to develop ideas independently and translate them into concise presentations and reports (board level)
Broad understanding and knowledge of industry best practices (ISO 27001, 27005) and regulatory processes and expectations, combined with innovative thinking to stay abreast of evolving threats and risks to the financial services industry, ensure a proactive response and mitigate risk
Track record of collaborating with global organizations to address risk related issues across lines of business, functions and geographies
Problem Solving: Leads and uses conceptual and innovative thinking (i.e., identifying new/different solutions) to solve issues. Looks beyond immediate problems for wider implications and determines best path forward
Interpersonal Skills: Requires highly developed communication skills and the ability to negotiate internally (fact-based and credible). Needs to be a self-starter who can build relationships and use judgement when working with partners to ensure effective outcomes. He or she needs to have the qualities of a team player
Nature of Impact: Leads and directly impacts the professional and/or technical direction and strategy for a discipline through shaping and designing new policies, procedures and standards
Leadership & Scope: Manages a small team of professionals with management decisions including hiring and performance management. Provides on-the-job training/support to new team members.
Established expert in Technology Risk Management with 10+ years of relevant experience. Relevant certifications (CISA, CRISC) would be a plus
Global Technology and divisional technology teams
Cross divisional relationships to risk liaisons
Cross functional to other control and support functions (Information Security, Business Continuity, Audit, Compliance)