Information Risk Resume Sample
Work Experience
- Support the implementation of an effective riskmanagement program, execution and monitoring of technology risk and controlprocesses as required, fostering the maturity of activities designed toactively support the information risk portfolio and risk awareness processacross CIB LATAM
- Assist the interpretation of corporate and industrycontrol guidelines and policies and support the communication of these clearlyalongside current status, and guide constituents to ensure compliance in apragmatic fashion
- Develop and maintain strong business and technologyrelationships, becoming a trusted partner to these groups
- Support the documentation process of information riskcontrol issues/gaps as well as the remediation plans, investigating andresolving control incidents
- Support the building of a culture and climate focusedon the pro-active awareness of, and continuous improvement in, the technologyrisk environment, utilizing existing training materials and developing bespokecontent where applicable
- Support all dashboards preparation/consolidation,support in various meeting minutes and gather information with key relevantstakeholders for building presentations for senior management and other levels
- Identify and work with teams to implement processimprovements
- Support the assessment of the Information Securityrisks of all information assets through risk assessments and risk review
- Support risk management activities within theOperations function, in collaboration with regional and global partners
- Attend location governance meetings (GSC Technology Operating Committee BCC, ET Business Control Committees, India Technology Control Committee, and corresponding branch meetings when relevant) to update senior management on the changing risk and control profile of the organization and present technology risk metrics
- Knowledge and experience with at least one asset class we support (cash securities, cash products and asset servicing)
- Knowledge of the settlement process
- Confidence and ability to work with senior operations and business management across the global offices
- Knowledge and experience with at least one asset class we support (Cash Products, Asset Servicing and Cash Securities)
- Knowledge of SQL is beneficial
- Indepth Microsoft Sharepoint knowledge is a solid asset
- Support the processes to ensure effective accessmanagement and recertification of secure access for CIB LATAM applications anddatabases, partnering regionally and globally as required
- Support internal and external audit processes,centralizing all requests and being the point of contact in IT
- Accountable to support management’s direction on financial planning and budgeting, expense management and costing & billing process
- Review threats and provide analysis on how they relate to Morgan Stanley’s Business Units
- Act as point person for location technology risks identified in Enterprise Technology India lines of businesses (GTI, CTR, RFT, CIO office)
- Monitor location specific technology risks identified and coordinate with the different stakeholders of these issues to expedite closure
- Manage the risk profile of the assigned locations to that defined in the KRIs/CIO Scorecard, driving hygiene remediation actions where needed as part of Technology Infrastructure hygiene
- Conduct Risk Awareness sessions to ET employees and consultants to promote risk-aware culture and decisions
- Ensure that third party risk assessments are completed in a timely and thorough manner for the areas that ET TCO supports
Education
Professional Skills
- Strong program management skills, with proven ability to deliver quality results in a deadline-driven environment
- Excellent interpersonal skills - verbal communications, written communications, and track record of collaboration
- Strong coordination skills on regional projects, for Asia which consists of Hong Kong, Japan, Singapore and Indonesia
- Work under pressure, manage changing priorities effectively, and meet deadlines without compromising controls
- VBA programming skills are desirable
- Strong experience in a Technology Risk, Information Risk, Information Security or an IT Audit role
- Proven experience of project management on the basis of an industry standard methodology (Prince, PMI etc.)
How to write Information Risk Resume
Information Risk role is responsible for programming, events, design, reporting, architecture, security, auditing, integration, health, collaboration.
To write great resume for information risk job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For Information Risk Resume
The section contact information is important in your information risk resume. The recruiter has to be able to contact you ASAP if they like to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your Information Risk Resume
The section work experience is an essential part of your information risk resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous information risk responsibilities. It's meant to present you as a wholesome candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular information risk position you're applying to.
The work experience section should be the detailed summary of your latest 3 or 4 positions.
Representative Information Risk resume experience can include:
- Experience in all of the following areas: IT Audit, Information Security, conducting supplier security reviews, working within a control framework
- Good understanding of technology controls, in particular of identity and access management requirements within a global financial institution
- Participate in shift rota and provide on-call support for priority issues
- Defining and implementing independent review and challenge processes to be used to measure front line risk posture
- Performing independent review and challenge of front line risk assessments, control testing, RCSAs, risk measurement, and risk mitigation strategies
- Performing independent review and challenge of front line adherence to operating procedures and technical standards
Education on an Information Risk Resume
Make sure to make education a priority on your information risk resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your information risk experience. For example, if you have a Ph.D in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in Information Risk Resume
When listing skills on your information risk resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume, there's a list of typical information risk skills:
- Experience of professional Information Technology experience
- Proven information risk management experience, ideally in retail
- Partner effectively with others to deliver results
- A good Asset Servicing, Cash Products or Cash Securities background within the broker/dealer environment and the risks and controls surrounding this function
- Contributes to BMO’s overall business results by making recommendations that significantly improve operational efficiency and effectiveness
- Experience of working within a complex and dynamic business environments
List of Typical Skills For an Information Risk Resume
Skills For Information Risk Data Analyst Resume
- Equivalent experience dedicated to leading execution of IT controls attestation engagements, including SOC1 and SOX
- Structured Query Language programming (SQL)
- Self-motivated; requiring minimal supervision
- Deep knowledge of auditing of IT general computer controls and application controls
- Ensures that all processes meet the ORMF’s requirements
- AWS / Cloud development experience beneficial e.g. cloud development, cloud application promotion processes, identity management, security and architecture in a cloud environment
- Subject matter expertise in forms of controls attestation reporting (e.g., SOC1, SSAE3402, AT-205, ISAE 3000, etc.)
Skills For Information Risk Data Aggregation Specialist Resume
- Confidence and self-assurance in interactions with external auditors and ability to reach across the firm to engage appropriate management, set agendas, lead calls with senior management and drive actions to meet program objectives
- Strong exceptions analysis and issue management capabilities
- Demonstrated knowledge and development exposure to one or more
- Knowledgeable in IT SOX activities
- Able to work collaboratively with global IT SOX team, Asia business SOX team, external audit firm, Internal Audit and all in-scope business units in both regional (IRM, IT and ETS) and country level
- Follow up with IT audit actions and to participate in the pre-audit preparation exercise
Skills For Information Risk Senior Manager Resume
- Conduct the Control Self Assessment exercise in Asia and drive to improve our risk & control portfolio pro-actively
- Risk Management certifications (e.g., CISA, CISSP, CISO, CRISC)
- Strong working knowledge of FFIEC/NIST/PCI Security laws, Standards, rules and regulations while administering overall PCI security program for the client engagement
- Contribute towards the execution of policies, standards and procedures specific set by enterprise standards and account specific standards as they apply to Security Governance, Risk, and Compliance requirements for BFS clients
- Shall serve as the single point of contact with BFS Clients for incident management and resolution, as well as for all security matters
- Perform annual Security Risk assessments and conduct related ongoing compliance monitoring activities with Corporate and Client standards as well as measure alignment with NIST, FFIEC, ISO27001, etc
- PCI-DSS related activities including the identification of compliance gaps, the development of remediation plans, scan, PCI certification, documentation, monitoring compliance status, etc
- Review security exceptions for the engagement and identify risks
Skills For Senior Manager, Information Risk & Control Resume
- Conduct risk assessments for key BFS accounts and advise the account leadership on risk mitigation
- Engage with external auditors & clients/customer for assessments
- Develop, maintain security management plan for the engagement and provide periodic updates to the management and business leaders on the compliance
- Develop and monitor security metrics for the engagement
- Demonstrates proven expertise and success managing project work streams in system security, cyber security controls or information security management environment, specifically on the following information security domains
- Knowledge of Tableau is an asset
- Good understanding of security controls used to protect applications and infrastructure technologies including Data Loss Prevention, Advanced Threat Detection and Prevention, Cloud Computing and Mobile
- Work with Compliance across regions and LOB’s to define data level masking as mandated. Work as a SME to guide the ADM’s on this topic
Skills For Management Information & Risk Resume
- Engage with application ADM’s to ensure proper controls are in place with respect to Access Administration and propose adoption of strategic tools
- Conducting second line assessments and control testing for key processes, including (and not limited to) application and infrastructure development, ITIL processes (e.g. change management, problem management, etc.) and information / cyber security operational procedures (e.g. vulnerability management, threat management, etc.)
- Perform security administration on various platforms and systems in compliance with Luxembourg regulatory requirements, established IT Risk and Security Management policies and standards, and standard operating procedures
- Promote Security Awareness on an on-going basis
- Identify opportunities to automate or streamline existing processes and drive positive change
- Obtain early visibility into potential changes to program scope, facilitating readiness
Skills For Cib-information Risk Internship, Based Resume
- Troubleshoot and resolve system access/security issues. Escalate promptly as required
- Manage workload and ensure customer satisfaction
- Contribute to security-related projects/initiatives
- Perform routine operational health checks and control self-assessments
- Support internal/external audits and ensure timely and accurate response for requests for information
- Support Business Continuity/Disaster Recovery events
Skills For Information Risk Associate Resume
- Background in technology – experience of access administration/system security/end-user support - Wintel/UNIX platforms, business applications and Oracle/SQL databases
- Develop and maintain strong business and technology relationships, becoming a trusted partner, as well as building relationships with corporate functions such as Audit, Compliance, Legal, Technology Controls, and Third party
- Participate in or lead programs to improve or remediate the control environments across the Infrastructure Org
- Drive & manage the rollout of global IT risk & control programs
- Identify and lead x-LOB teams in identifying appropriate response to external auditors with respect to potential and confirmed SOC and/or SOX exceptions, including identification of relevant compensating controls for deficiencies
- Oversee remedial work streams, assessing effectiveness of proposed solutions and driving timely and effective solutions to control issues potentially impactful to programs
- Lead proactive readiness- assessments (platforms, tools, applications) to ensure controls are suitably designed and placed in operation, and that appropriate governance is in place to avoid impacts to external audits
Skills For Information Risk Assessment Resume
- New Reports: Partner with internal business owners, O&C and external auditors to identify appropriate form of reporting (e.g., SOC1, SSAE3402, AT-205, and ISAE 3000) to meet client and/or regulatory requirements; taking the lead in report development, readiness and execution
- Engage with the LoB Cybersecurity & Technology Control teams and CIB Central Support Program teams to solve for Risk and Control reporting needs. This includes thematic analytics, compensating controls, metric identification, visualisation of analytics and report design
- Analyze, normalize and logically model data from multiple sources to design and create industrialised analytics, supporting the detection of risks, control breaks and any required control uplifts
- Perform ongoing analysis of program related data and develop ad-hoc reports as requested to support business related programs and strategies
- Provide specialized expertise and guidance on risk and control assessment, identifying control gaps in the IT operational processes
- Deliver data driven process and overall service improvements
- Produce data driven output that is industrial at scale to minimize support and future development overhead
Skills For Information Risk Senior Analyst Resume
- Become a subject matter expertise in data, risk and control domains / programs
- Sustain business intelligence tools, data storage environments, dashboards, systems, or methods
- Oversee and coordinate IT audits conducted by Audit Services (including Emerging, Project and Key Risk Audits), regulators, clients and third party auditors. Ensure evidence is collected and shared in a timely fashion and all outstanding issues are closed on schedule as promised
- Coordination of the SOX Program for Asia: 1)Complete and holistic tracking of the implementation of the SOX control framework to each in-scope country; 2)Timely escalation of any issues or deviations, with clear and precise management recommendations to rectify; 3)Continuous communication between country, regional and global stakeholders
- Collaborate with other IRM teams and work alongside key stakeholders from our internal compliance, risk and audit functions
- Track compliance to in-force standards and policies, monitor risk exceptions and acceptances, report, follow and confirm compliance, etc
- Establish an understanding of operational and control requirements, , coordinating the regional and country improvement delivery teams and tracking and reporting back to senior executives
- Microsoft SharePoint knowledge