About the job: Information Security Risk Manager (Remote)
Job Type: Full-Time / Contract - 2 years (renewable)
Location: Trinidad and Tobago / Fully Remote
Role Summary:
Provide Information Security & Technology Risk Management consulting services to project teams based on risk management processes and procedures. Participate in project meetings, security reviews, walkthroughs, and risk assessments.
Key Responsibilities:
- Review and interpret requirements documentation, architecture diagrams, and solution designs to determine the feasibility of a project and its security risks. Assess business needs against potential risks and provide recommendations to enhance information security.
- Assess applications, infrastructure, business units, processes, and external suppliers for information security risks, identifying potential threats and exposures.
- Examine and interpret requirements documents, architecture diagrams, solution designs, and other information to determine if a project, application, infrastructure, or external supplier presents security risks.
- Work with third-party teams and internal development groups to interpret and review results from penetration tests on internet-facing applications.
- Coordinate with teams to ensure code scans are completed for all new or modified code deployments.
- Track issues raised during risk management reviews (TRA / ISA / PEN test / CIRA, Code scans / PIRT). Ensure issues are logged as deficiencies if mitigation isn't possible before project implementation, considering the bank's risk appetite.
- Collaborate with relevant teams as required.
- Provide risk consulting services to projects, ensuring security policies, standards, and processes are embedded in solutions.
- Address other related requests from senior management.
- Develop a risk-based schedule for BAU baseline risk assessments in consultation with the senior manager, collaborating with technology and business owners to mitigate significant issues.
- Review all contracts and third-party arrangements to ensure compliance with security policies and adequate protection of information assets, as requested by senior management.