Director Information Risk Management at Manulife
Waterloo, ON, Canada -
Full Time


Start Date

Immediate

Expiry Date

14 Nov, 25

Salary

110530.0

Posted On

14 Aug, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Risk, Collaboration, CSSLP, Communication Skills, IT Compliance, Information Security, IT Audit, CISA, Security

Industry

Financial Services

Description

The Director, Information Risk Management is responsible for providing 2nd Line of defense risk oversight and challenge to U.S. Segment in the area of information security risk and technology risk.

REQUIRED QUALIFICATIONS:

  • Minimum 10 years of experience in governance, risk and control functions, preferably in information security and technology risk areas.
  • University degree
  • Expertise in best practices of various aspects of information risk management and prior experience as a leader in IT risks.
  • Strong communication skills including ability to explain technical information to non-technologists including business executives.
  • Strong competencies in collaboration, problem solving and influencing key risk decisions
  • Knowledge of the regulatory environments in the U.S.
  • Knowledge of security software, IT audit and security, programming/coding and/or IT compliance
  • Recognized professional designations in Information Security, Audit and Business Continuity (e.g. CISSP, CISA, CISM, CRISC, CSSLP, MBCP)

RESPONSIBILITIES:

  • Delivering the 2nd line information risk oversight program to US Segment while supporting the Segment to own and manage their risks efficiently and effectively. The oversight activities span across third party, changes, operational resilience, risk and control self-assessment, incidents and reportable events, issues and CAPs, disaster recovery, etc.
  • Promoting a strong information risk culture and diversity, equity and inclusion values.
  • Staying abreast of new and emerging regulatory requirements as well as emerging and evolving risks.
  • Managing capacity by monitoring and acting on anticipated change in workload and resource changes.
  • Ensuring the team is properly trained and kept current with information risk and cyber security developments, threats and emerging technology.
  • Interacting and cooperating with other GIRM teams and IRO counterparts to ensure consistent and efficient processes.
  • Maintaining effective relationships with L1 stakeholders and L2 risk partners to drive the best outcome.
  • Owning the risk reporting activities for US Segment.