• At minimum, 7+ years in IRM or security functions, preferably aligned with control framework best practices and risk management.
• Certifications (any of the following is preferred): CISA, CISSP, CISM, CRISC, etc.
• Ability to provide technical risk advisory that is effective in addressing the control gap or failure and mitigating the risk exposure.
• Ability to perform design effectiveness walkthroughs and design testing of IT controls.
• Ability to perform LOD2 assurance on information risk assessments that reasonably assures security and privacy by design and that no unmitigated/unknown/unmanaged risks exist in the business environment.
• Excellent understanding of, and experience with, Information Risk Management, IRM processes, the IRM portfolio, the Business (IT) Controls Framework and project delivery.
• Advanced understanding of internal and external IT security standards, and relevant legal compliance aspects.
• Robust understanding of, and solid experience with, the impact of IRM on IT Services/Platforms, application development and data lifecycle.
• Excellent understanding of project delivery methodologies such as waterfall, DevSecOps, and Agile.