About the job : Information Security Risk Manager (Remote)
Job Type : Full-Time / Contract - 2 years (renewable)
Location : Trinidad and Tobago / Fully Remote
Role Summary :
Provide Information Security & Technology Risk Management consulting services to project teams based on risk management processes and procedures. Participate in project meetings, security reviews, walkthroughs, and risk assessments.
Key Responsibilities :
* Review and interpret requirements documentation, architecture diagrams, and solution designs to determine the feasibility of a project and its security risks. Assess business needs against potential risks and provide recommendations to enhance information security.
* Assess applications, infrastructure, business units, processes, and external suppliers for information security risks, identifying potential threats and exposures.
* Examine and interpret requirements documents, architecture diagrams, solution designs, and other information to determine if a project, application, infrastructure, or external supplier presents security risks.
* Work with third-party teams and internal development groups to interpret and review results from penetration tests on internet-facing applications.
* Coordinate with teams to ensure code scans are completed for all new or modified code deployments.
* Track issues raised during risk management reviews (TRA / ISA / PEN test / CIRA, Code scans / PIRT). Ensure issues are logged as deficiencies if mitigation isn't possible before project implementation, considering the bank's risk appetite.
* Collaborate with relevant teams as required.
* Provide risk consulting services to projects, ensuring security policies, standards, and processes are embedded in solutions.
* Address other related requests from senior management.
* Develop a risk-based schedule for BAU baseline risk assessments in consultation with the senior manager, collaborating with technology and business owners to mitigate significant issues.
* Review all contracts and third-party arrangements to ensure compliance with security policies and adequate protection of information assets, as requested by senior management.
J-18808-Ljbffr
J-18808-Ljbffr
#J-18808-Ljbffr