Job Purpose and Impact

• The Advisor, Governance, Risk & Compliance job leads and advises on the execution of risk management strategy, including quantifying enterprise risk appetite and tolerance, establishing and improving security policies, and maintaining a cyber risk register. As a recognized subject matter authority in this field, this job leads and mentors enterprise risk management interface on information security, performs highly complex compliance test, partners and influences key teams across the technology organization to ensure execution performance, and communicates company level metrics and progress on risk management goals.

Key Accountabilities

• ENTERPRISE RISK APPETITE & TOLERANCE: Leads and advises on establishing and articulating the organization's risk appetite and tolerance levels to guide decision making process, and establishes value risk measures and prioritizes enterprise cybersecurity risks.
• SECURITY POLICIES & STANDARDS: Advises on establishing and improving fit for purpose security policies and standards in line with risk tolerance and regulatory requirements, and guides appropriate implementation, communication and enforcement of policies and standards.
• CYBER RISK REGISTER: Mentors the cyber risk register and validates the quantification of risk implications to ensure accurate scoring of identified risks.
• COMPLIANCE TESTING: Leads and advises on compliance testing to assess adherence to internal policies and external regulations, identifying systemic compliance gaps, resolving root cause and recommending improvement options, including cost benefit analysis.
• PERFORMANCE MONITORING: Leads the execution of risk management strategies and initiatives to ensure effectiveness and alignment with organizational goals, and reviews performance monitoring processes to assure that performance measures both leading and lagging remain effective indicators of satisfactory risk management.
• COMPANY LEVEL METRICS & PROGRESS ON RISK MANAGEMENT GOALS: Leads and advises on preparing and communicating metrics related to risk management progress, ensuring clarity and accountability across the organization.
• ENTERPRISE RISK MANAGEMENT INTERFACE ON INFORMATION SECURITY: Partners collaboratively with company enterprise risk management, audit and leadership teams to integrate cyber risks into broader risk management practices and enterprise risk management framework, defining the cybersecurity strategy for collecting, analyzing and prioritizing risk management initiatives.
• COLLABORATION: Influences to foster collaboration with cybersecurity peers, risk managers in other functions, government affairs, external experts, industry consortia, and other partners to gather internal and external requirements, map current and emerging compliance rules, balance competing priorities, develop risk mitigation strategies, evaluate cost benefit cases, and advocate for solutions that meet business objectives.

Qualifications:

• Minimum requirement of 6 years of relevant work experience. Typically reflects 10 years or more of relevant experience.

#Standard