Information Risk Manager Resume Sample
Work Experience
- Working with SBU and BCOO customers and key stakeholders
- Contributing to the creation of Information Risk Objectives and strategy supported by action plans aligned to the business strategies and goals
- Supporting the development of a strategic team plan that ensures the team develops in line with SBU and BCOO key strategies as well as future impacts from the regulators and changes to Barclays’ policies
- Providing Information Risk related inputs into the MTP and STP processes for BCOO/SBU Control improvements, and enhancements via the VP, Information Risk Program Lead
- Contributing to the development of suitable governance frameworks for new business entities/ activities added to the SBUs
- Advises senior management on issues related to risk and vulnerability management and recommends actions in support of the bank's wider risk management and compliance programs
- Contributes to quality control and reporting for remediation functions
- Participate in the design or enhancement stages of product development to ensure product teams have reviewed GTRM policies and standards, understand any potential security risks with the solution, and comply with current security controls
- Work with peers in GTRM as well as other IT groups and third parties to identify upcoming projects or initiatives to ensure proper security standards are being met
- Advise and influence IT and business management regarding security best practices, risk analysis, and risk mitigation
- Develop, enhance, and deliver relevant security services that focus on ease of customer integration and improving the overall security posture of the environment
- Ensure the organization has the necessary security capabilities to comply with all laws, regulations and internally developed Standards or Policies surrounding the confidentiality, availability, and integrity of our information assets
- Maintain healthy and measured accountability between McDonald’s and its security suppliers and ensure proper service support documentation is in place to facilitate this accountability
- Engagement - Align with the firm’s IT Risk and Security Management organization to remain aware of control initiatives taking place outside of our Line of Business; make recommendations for our engagement as needed
- Build business requirements documents needed to enhance the system to meet the needs of its end users and owner
- Input to RCAs and Risk Appetite created by IRM Governance, Risk and Reporting function
- Supervisory Oversight and Regulatory Engagement Management
- Maintain all information security policy and standard documentation. This includes policies, standards and procedures
- As part of an annual process, review and update all policies, obtaining the approval from the security steering committee for policy changes
- Perform security reviews of projects, technologies, third parties, and business processes to determine adherence to security policy
- Perform corporate and other risk assessments to measure and manage information risk
- Process security and policy exceptions
- Track security risks
- Deliver a security awareness program to train and educate Flowers associates at all levels of the organization
- Assessing McDonald’s vendors from a risk perspective, including analyzing technical documentation, leveraging tools to identify any external security concerns, reviewing contract language, and other methods to determine any risks to the organization
- Other security management processes to ensure policies and standards are enforced and risks are identified, tracked, and managed
Education
Professional Skills
- Strong negotiation and influencing skills to determine an outcome that is mutually acceptable to all parties concerned
- Project support or BA skills/experience
- Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances
- Advanced analytical skills with the ability to draw key points from complex data sets and reach informed conclusions
- Experience working with compliance/risk environment
- Experience within a financial institution – preferably retail banking
- Previous experience in security operations and risk management operations
How to write Information Risk Manager Resume
The Information Risk Manager role is responsible for coaching, reporting, integration, training, security, architecture, analysis, design, research, and cross-training.
To write a great resume for an information risk manager job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For Information Risk Manager Resume
The contact information section is important in your information risk manager resume. The recruiter has to be able to contact you ASAP if they would like to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your Information Risk Manager Resume
The work experience section is an essential part of your information risk manager resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous information risk manager responsibilities. It's meant to present you as a wholesome candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular information risk manager position you're applying to.
The work experience section should be a detailed summary of your latest 3 or 4 positions.
Representative Information Risk Manager resume experience can include:
- Support compliance across business and technology teams with security governance requirements, including security training programs
- Produce weekly status reports to security leadership; raising significant risks and issues as they arise, and proposing approaches and solutions to mitigate
- Provide expertise in the updating and review of company information security policies, standards and baseline documentation
- Provide oversight and guidance for the submission and review of policy exception requests, remediation plans, and tracking to closure
- Support the development and production of security metrics and reporting for senior leadership
- Support the development of processes and procedures to comply with internal and external requirements
Education on an Information Risk Manager Resume
Make sure to make education a priority on your information risk manager resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your information risk manager experience. For example, if you have a Ph.D. in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in Information Risk Manager Resume
When listing skills on your information risk manager resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume. Here is a list of typical information risk manager skills:
- Excellent verbal and written communication skills with the ability to enhance value and reputation
- Provide coaching and cross-training to colleagues in order to increase the skills maturity of the function as a whole
- Strong experience in understanding and deploying risk management and security frameworks such as NIST, ISF and ISO
- Strong skill in data reporting and analysis
- A strong understanding of the principles and application of risk management and Barclays ERMF, including Records Management specifically
- Experience of managing global information risk and assurance programmes
List of Typical Experience For an Information Risk Manager Resume
Experience For Senior Information Risk Manager Asia Resume
- Ensure Conduent information security standard controls, and applicable external regulatory requirements, are reflected in all client and vendor contracts and proposals
- Experience on ISO 27001 Information Security Management system, Risk Assessments, Evaluation of results / findings, IT GRC Governance Risk Compliance Tools
- Handholding to offshore and business team
- Provide leadership in assessing risk to company operations including incident management and business continuity
- Coordinate with Incident management team during incidents and support investigation of security breaches
- Support business team during deal pursuit
Experience For Business Information Risk Manager Resume
- Manage enterprise wide and targeted IT Risk Assessments including Risk Analysis and Control Assessments
- Manage and provide direct support for Internal Audits and Regulatory Exams impacting Information Technology and Security
- Maintain any continuing education requirements for certification or obtain certification
- Act as the information security subject matter expert on development and architecture projects
- Provide oversight and support for all external and internal audits and risk assessment activities
- Provide oversight and guidance for all external and internal testing, including vulnerability scanning and penetration testing, including remediation efforts and tracking to closure
- Provide guidance and expertise in incident response, operations continuity and disaster recovery
Experience For Merchant Services Information Risk Manager Resume
- Manage security and compliance risks in service delivery for key verticals and communicate with Business teams to understand all critical security requirements and risk scenarios
- Engage in IRM program for the key accounts: define control framework; identify and evaluate risks; understand business context and prepare reports and recommendations
- Perform annual Security Risk assessments and conduct related ongoing compliance monitoring activities in coordination with Privacy Officer and Legal Team members
- Manage External ISO 27001 audit and coordination with auditors: plan out audit schedule and charter for corporate functions and coordinate with all internal stakeholders towards preparation
- Proven experience in information security and risk management field, especially with Technology Risk Management / IT Audit in Enterprise organizations
- Strong knowledge on GDPR and EU Data Protection directive, PCI Security requirements, SSAE 18/ ISAE 3402, SOC2 Standards, rules and regulations
- Experience of SSAE/ ISAE, SOC 2 and PCI-DSS, assessment and control implementation; ISMS implementation
- Assess, prepare and ensure all IT systems, policies and procedures fully comply with Cognizant ISO 27001 SoA, security laws, rules and regulations
- Engage with different stakeholders: external auditors, customer visitor, business leaders and corporate teams, such as HR, legal, IT, etc
Experience For Senior Manager, Information Risk Manager Resume
- Conduct reviews to assess the service delivery control environment and evaluate adherence to client identified contractual requirements, Cognizant policies and standards
- PCI-DSS related activities including the identification of compliance gaps, the development of remediation plans, scan, PCI certification, documentation, monitoring compliance status, and ultimate attestation of compliance
- Communicate and discuss with customer security team and understand security requirements
- Create security solutions and negotiate for security contract
- Review solutions to determine compliance with customer security requirement
- Define the control framework in accordance with the customer requirement
- Security certifications such as CISA, CISSP, CISM, CRISC, CCSK, CIPP IT, CIPP E etc
Experience For Country Information Risk Manager Resume
- In-depth understanding of network and system security technology and practices across all major-computing areas (Network, firewalls, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology
- Provide guidance and leadership directly assisting the CISO with the maintenance of the Information Security Program including designing and implementing Risk Management processes
- Direct and work closely with Business Units with recommended risk assessments per Regulatory Guidance that have technology related aspects. (e.g. Remote Deposit Capture, ACH, Internet Banking, Social Media, and ID Red Flags)
- Direct the performance of Risk Assessments of affiliates and annual assessments
- Provide leadership in conducting vendor information security reviews, including the review of the extended supply chain risk potentially introduced by service providers and related risk rankings for sensitivity of information
- Assist with other Risk Management and Information Security activities as needed
Experience For Cib-cio-information Risk Manager Resume
- Attend Technology Incident Response Team Meetings as needed
- Stay current with laws, bank regulations concerning information security. Work with Technology Services and Information Security personnel to integrate appropriate level of processes and controls as necessary to mitigate risks
- Execute Information Risk Management practices and controls
- Perform and validate Information and Vendor Risk Assessment, participate in due diligence on vendor selection process, identify potential risk and provide guidance of risk mitigation and acceptance process
- Assist on formulation of IRM Plan and solutions with various business units in order to ensure that the IRM development and implementation are effective, and comply with the country and Asia divisional strategies and local regulations
Experience For Corp-information Risk Manager, Based Resume
- Assist to establish country local risk profiles and appetites, report country IRM risk and performance, the posture and exposures, maintain up to date with IRM metric system
- Coordinate country local security activities, including but not limited to application security scanning and penetration test, logical access regular assessment, information risk awareness and readiness for the Business Units
- Participates in country governance support the implementation of IRM program objectives, collaborate with Country Information service for IRM project delivery assurance
- Understanding of local technology risk regulatory requirements, provides guidance, participate and directly engage in local country regulators’ reviews and exams, ensure compliance with the requirements including framework, guidelines & policies for IRM and IT, maintain the local IT regulatory matrix
- Liaise with internal, external auditors, and regulatory agencies on risk and compliance reviews and exams. Guidance on IT audit planning and scope align with IT control objectives, oversee country audit issues addressed in a timely manner
- Tooling & Reporting
Experience For Am Information Risk Manager VP Resume
- Incident management, responsible for establishing communication, response & handling in the event of local information risk and incident
- Support and deliver to the company’s governance structures, track IRM issues, and be a point for escalation as appropriate
- Represent the Asia 1st line of defence IRM at relevant Governance and Risk forums
- Lead SME and primary point of contact for Senior stakeholders within BUK and Group Information Risk
- Deliver oversight and governance of records management – e.g. monitoring performance against KPIs and standards, escalations and exceptions management; controls management and continuous improvement
- Ensure BUK Business owners are provided with sufficient oversight of the performance of Records management controls
Experience For Cib-information Risk Manager Resume
- Identify and map non-financial risks, and help with prevention and mitigation strategies
- Provide guidance with implementation of policies and standards
- Support and assist Business Senior Management with any risk related question
- Continuously maintain and foster risk awareness with internal and external customers
- Explain internal and external regulations in a clear and understandable fashion
- Assess strategic projects and provide guidance for the choice and implementation of controls
List of Typical Skills For an Information Risk Manager Resume
Skills For Senior Information Risk Manager Asia Resume
- Relationship management and negotiation skills to ensure timely delivery by Business and Infrastructure stakeholders who have many demands upon their time
- Strong experience on Cloud Platform security management
- Experience of managing small specialist teams or professional services
- Six (6) or more years of consulting experience, required
- Three (3) or more years of experience managing large, complex projects, required
- Three (3) or more years of experience using Microsoft Project or an equivalent software, required
- Experience on managing SAAS (Software as a Service) & PAAS (Platform as a Service) level risk assessments, security audits
- Strong working knowledge of Privacy laws, Standards, rules and regulations
- Translate day to day information risks into effective management reporting
Skills For Business Information Risk Manager Resume
- Substantive experience gained in a financial services business
- Experience in Information Risk Management
- Experience in financial services, Investment Bank and/or Management Consultancy
- Designing and implementing an IRM strategy with the Operations & Technology Functions Leadership team on IRM controls implementation and change initiatives
- Understanding of ERMF and Barclays Way
- Knowledge and understanding of Records Management regulatory landscape, including current and recent changes associated with Dodd-Frank and EMIR
Skills For Merchant Services Information Risk Manager Resume
- Knowledge of emerging regulations in Data protection and data privacy for Europe/ UK / Africa countries
- General knowledge of Information Security, including access management, data loss prevention, risk assessments and incident management
- Identify and assess key IRM risks and support executive accountability for significant issues, audit observations and other matters arising
- Review performance of control oversight against Policy & Standards, identifying gaps & areas for improvement
- Associate risk assessments to mitigating actions
Skills For Senior Manager, Information Risk Manager Resume
- Influence leadership in relation to important risk decisions
- Experienced and confident individual with excellent communication skills. Ability to communicate complex material to a wide and varied audience in a clear and concise format
- Strong ability to develop strategic direction and long term objectives without supervision
- Experience in any operational security roles
- BS in Information Security, Risk or IT Management, Computer Science, or related field
- Direct information security experience, including architectural integration of security technologies and ability to identify potential risks to solution security
- CISSP certification (or similar) and be knowledgeable of national and international regulatory compliances and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS
Skills For Country Information Risk Manager Resume
- Proven communication skills with the ability to translate complex technical issues or concepts to non-technical audiences in a clear and concise manner that focuses on business value
- A proven ability to balance risks, IT security standards and Business needs considering business risk appetite and affordability
- An understanding of the key compliance and regulatory standards in information security and compliance
- Familiarity with and competence with IT Control standards and Practices
- Professional Accreditations desired (CISA, CISSP, CRISC or CISM)
- Professional Accreditations (CISA, CISSP, CRISC or CISM)
- Agile / LEAN / Six Sigma
Skills For Cib-cio-information Risk Manager Resume
- IRM knowledge of key conditions
- Risk and control gap identification and analysis
- Knowledge of Policy and standards
- Knowledge of the NAPA tool
- Knowledge of the BACL 3 change framework tool
- Knowledge of risk and control toolsets used across Barclays Group
- Build and maintain effective relationships with all members of the teams you support including MD and Directors and develop a network of trusted peers, and become a “go to” advisor for all areas of the business.
- Continuously develop IRM SME capability in line with needs and expectations. Provide coaching and cross-training to IRM colleagues in order to increase the skills maturity of the function as a whole.
- Support and deliver to the company’s governance structures, track IRM issues, and be a point for escalation as appropriate. Identify and assess key IRM risks and support executive accountability for significant issues, audit observations and other matters arising
Skills For Corp-information Risk Manager, Based Resume
- Key Risk Assessments and Reporting
- Participate in BUK and Group-wide projects to ensure BUK IRM requirements are identified and incorporated – via either NAPA or BACL3 - to ensure appropriate oversight and risk mitigation for 'Continuous and Controlled Delivery'
- Participate in ad hoc business working groups as required to provide IRM SME input into activities throughout BUK where there are Information Risk or Data policy requirements
- Interpret policy/standards (particularly related to Data and connected IRM aspects) to determine any controls requirements and/or where provided by the policy owner, to interpret the evidence needed to satisfy them
- Provide first line of defence support in assessing risk against ERMF and reviewing control issues
- Analyse proposed changes to understand impact on the BUs and their operating models in relation to Information Risk and Data policies and advise/support the business to deliver the requirements
- Capable of working with global corporate clients, and ability to up-sell after the first engagement
- Encourage a team environment on engagements, and contribute to the professional development of assigned personnel
- Able to articulate and defend a position and associated rationale
Skills For Am Information Risk Manager VP Resume
- Initiative, motivation and a “self-starter” attitude
- Structured and logical approach
- A flair for presentation of information
- Research and quickly digest new and emerging record-keeping and information security rules, and provide commercial advice to internal stakeholders on their implications
- Financial Services or Big 4 Consulting experience
- Ambitious with strong desire to succeed – track record of delivery
- Professional experience in information technology functions of infrastructure, applications, or IT governance
- Experience in information security domain with preference to risk management
- PMP or equivalent experience, required
Skills For Cib-information Risk Manager Resume
- Holder of Professional Certificate CISSP, CISA and/or CISM. CBCP would be an asset
- Financial Regulation knowledge: FCA, GLBA, Privacy Laws
- Serving as an SME in Access Control design best practices, work with various levels of management and technology project teams to develop solutions that are acceptable to balance risk and reward in regards to the protection of Barclaycard data
- Regulatory & Risk Intelligence
- Deep insight of best practice standards such as ISO 27001, SOC, NIST, PCI is required
- Demonstrates proven expertise and success with implementing security architecture and strategies, delivering consulting security solutions for the engagement emphasized by the customer
- Establishing, communicating, and maintaining a charter for the security management function for the engagement
- Demonstrates proven expertise and success in a role leading and collaborating directly with Client senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation
Skills For Cib-information Risk Manager VP Buenos Aires Resume
- Demonstrates proven expertise and success managing project work streams in system security, controls or information security management environment, specifically on the following information security domains
- Supporting the design and implementation of a Cyber and an information risk management strategy with the Barclays Functions Leadership team on Cyber and information risk management controls implementation and change initiatives
- Build and maintain effective relationships with all members of the teams you support including MD and Directors and develop a network of trusted peers, and become a “go to” advisor for all areas of the business
- Continuously develop Cyber and information risk management SME capability in line with needs and expectations
- Support and deliver to the company’s governance structures, track cyber and information issues, and be a point for escalation as appropriate
- Identify and assess key cyber and information risk management risks and support executive accountability for significant issues, audit observations and other matters arising
- Build and maintain effective relationships with the BU, IRM, Technology and CCO teams, develop a network of trusted peers, and become a “go to” advisor for all areas of the business
- Present key initiatives to senior stakeholders to negotiate solutions and gain sponsorship
- Continuously develop IRM control and toolset capability across the 1st line of defence