**_OBJECTIVES/PURPOSE _**
- Provides a holistic, business-oriented approach to the management of information security risk using likelihood and impact to guide and advise the business
- Provides technical and business leadership teams across the organization with the analysis needed to make risk-based decisions
- Collects and maintains risk and policy exception data using the team’s Governance, Risk, and Compliance (GRC) platform
- Develops reports and dashboards to help measure risk
**_ACCOUNTABILITIES _**
- Triage and manage risks and policy exceptions according to internal operating standards
- Participate in team meetings and aid colleagues
- Act as a risk advisor when communicating with risk stakeholders
- Collaborate with risk stakeholders to develop and track mitigation plans and ensure compliance with policies and standards
- Track and report on risk reduction progress
- Assist in the development and maintenance of our internal control framework
- Assist in the maintenance of our policy framework and training platforms
**_DIMENSIONS AND ASPECTS _**
**Technical/Functional (Line) Expertise**
- Advises on technical risks in terms familiar to the risk stakeholders
- Creates and maintains departmental documentation and operating procedures used by risk stakeholders
- Organizes information in Service Now GRC and Excel and creates reports, dashboards, and pivot tables
**Leadership**
- Influences action across various technical, non-technical, and geographic teams to reduce risk
- Ability to effectively manage conflicting priorities
- Develops strong relationships with other teams across the organization
**Decision-making and Autonomy**
- Operates autonomously to triage and manage risks and exceptions
- Leverages technology to organize complex data sets and develops analytical reports (primarily using Service Now GRC and Excel)
- Responds to risk stakeholders in a timely manner, engages colleagues when needed, and escalates when necessary
**Interaction**
- Balances conflicting priorities by leveraging project management and personal organization skills
- Operates effectively across a matrixed organization
- Demonstrates cultural sensitivity and is respectful of colleagues
**Innovation**
- Innovates to find new solutions to problems
- Applies innovative approaches to reduce risk and minimize business impact
**Complexity**
- Operates across geographies and technologies
- Collaborates effectively within the team, across teams, and with vendors
**_EDUCATION, BEHAVIOURAL COMPETENCIES AND SKILLS: _**
- **Essential **-Bachelor’s degree or equivalent
Ability to manage multiple workstreams simultaneously
Ability to think critically and analytically
Strong data organization and analysis skills such as merging data sets, concatenating fields, developing pivot tables, charts and graphs
5 years of data analysis and data manipulation experience
Excellent communication, interpersonal, presentation, and organizational skills
Comfortable operating in and navigating a global organization where risk stakeholders can be located across geographies and time zones
- **Desired **-Preferred experience with risk management practices such as NIST 800-30 and 800-33
Background with control frameworks such as NIST CSF and 800-53
Ability to create macros and simple automation in Excel
**_ADDITIONAL INFORMATION _**
- Flexibility to participate in risk activities outside of local business hours