Job Summary: 

• Extracting data from QBE’s Insight system to create insights covering issue and incident management
• Develop and conduct incident, issue, risk and control reporting
• Support the incident and issue management process
• Ensuring escalations are completed, agree on remediation plans and review, challenging extensions and risk acceptance, review evidence and challenge closure
• Control validation of the 1st line control self-assessment
• Support the overall embedding of IT risk and processes and tools across the Group
• Collaborate with key stakeholders and build strong relationships to drive excellent outcomes
• Work on the local market regulations including the policy and procedure implementation for project risk and governance processes within the bank
• Implement region-specific technology risk changes and remediation programmes
• Provide education for risk technology and participate in technology risk-related events to promote the risk agenda across the business

Skills on Resume: 

• Data Extraction (Hard Skills)
• Risk Reporting (Hard Skills)
• Issue Management (Hard Skills)
• Control Validation (Hard Skills)
• Risk Embedding (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Regulation Compliance (Hard Skills)
• Risk Education (Soft Skills)

Job Summary: 

• Develop risk management strategies, evaluate potential risks and exposures in Technology
• Determine how to effectively minimise those risks and develop procedures that can be implemented
• Provide input to evaluate potential risks and exposures for Tech and help to understand control failures 
• Assist in the identification of the underlying root causes
• Influence business and/or project owners to continue to build a strong risk culture
• Identify, review, analyse and manage operational risks indifferent entity
• Monitor and track operational risk issues regularly
• Prepare and maintain risk management documentation, risk policies and risk reports
• Review and respond to customer security queries, questionnaires and risk assessments
• Perform third-party risk assessment for vendors/partners

Skills on Resume: 

• Risk Strategy (Hard Skills)
• Risk Minimization (Hard Skills)
• Control Analysis (Hard Skills)
• Root Cause Identification (Hard Skills)
• Risk Culture Influence (Soft Skills)
• Operational Risk Management (Hard Skills)
• Risk Monitoring (Hard Skills)
• Risk Documentation (Hard Skills)

Job Summary: 

• Creates and implements complex methods of risk evaluation
• Develops expert strategies or solutions to address evaluation results, and monitors to ensure developed solutions are effective
• May create models or simulation scenarios to test risk conditions
• Sources, compiles, and interprets data
• Performs analysis for risk trends and data discrepancies, and effectively communicates analysis output
• Produces reports based on data analysis, company trends, and risk factors
• Conveys patterns, problems, and areas of improvement
• Enables insight into potential Information Technology losses and mitigation of identified risks through reporting activities
• Supports business processes through a variety of escalated operational tasks
• Develops, implements, and ensures continuous improvement of standards and procedures
• Acts as a resource to management and other associates, including the production of documentation, presentations, or other materials to educate on risk policies and procedures

Skills on Resume: 

• Risk Evaluation (Hard Skills)
• Solution Development (Hard Skills)
• Model Simulation (Hard Skills)
• Data Interpretation (Hard Skills)
• Trend Analysis (Hard Skills)
• Risk Reporting (Hard Skills)
• Process Support (Soft Skills)
• Risk Education (Soft Skills)

Job Summary: 

• Responsible for hands-on execution of control testing/risk assessments and the development of control enhancement recommendations
• Performs engagement efforts with IT stakeholders and conducts discovery activities for the evaluation and design of new controls
• Updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration
• Adheres to the IT Risk program standards, utilizing industry best practice frameworks such as COBIT, ITIL, SANS, NIST, Basel, GLBA, SOX, PCI-DSS, FFIEC, etc.
• Coordinates Enterprise Risk Management (ERM) functions to align the IT Risk Program elements with ERM processes
• Support strategic business objectives and oversight of the Risk Controls Self-Assessment (RCSA) process for Information Technology
• Facilitation of the regulatory exam and audit efforts within Information Technology, to include the collection of audit documentation
• Scheduling meetings, providing audit responses for audit reports, and assisting management with responding to audit findings and recommendations
• Monitor and track audit remediation efforts as well as ensure follow-up reporting through the audit lifecycle
• Coordinate validation efforts and control review for the Disaster Recovery and Business Continuity program

Skills on Resume: 

• Control Testing (Hard Skills)
• Stakeholder Engagement (Soft Skills)
• Control Documentation (Hard Skills)
• Framework Compliance (Hard Skills)
• ERM Coordination (Hard Skills)
• RCSA Support (Hard Skills)
• Audit Facilitation (Hard Skills)
• Remediation Tracking (Hard Skills)

Job Summary: 

• Coordinate control and closure activities for Qualys vulnerabilities and RSA Archer Security Findings through remediation, exception and decommissioning processes
• Develop and implement risk responses to ensure that risk factors and events are in line with business objectives
• Meet daily and work closely with InfoSec and SecOps teams and/or other organizations to be able to move forward with different plans around remediation or exception processes
• Monitor Risk repositories for compliance and aid in the timely resolution of risks under remediation
• Aggregate data from disparate sources into a holistic risk picture while presenting this information in meaningful business terms
• Demonstrate the value of the team’s work by keeping the manager up-to-date, and explaining issues, approaches and solutions (i.e., manage expectations)
• Communicate efficiently with all levels of management and bring to awareness urgent matters that need immediate action
• Ensure compliance with key performance indicators (KPIs), suggesting changes to promote efficiencies in the IT Service management space
• Design and produce highly complex Excel, PowerPoint, Spotfire, and SharePoint reporting

Skills on Resume: 

• Vulnerability Coordination (Hard Skills)
• Risk Response (Hard Skills)
• Team Collaboration (Soft Skills)
• Risk Monitoring (Hard Skills)
• Data Aggregation (Hard Skills)
• Expectation Management (Soft Skills)
• Escalation Communication (Soft Skills)
• Report Design (Hard Skills)

Job Summary: 

• Design and operate enterprise IT risk and security programs
• Provide IT security services that comprise oversight, investigations and strategic vision
• Design, develop and recommend integrated identity and access management solutions
• Optimize the organization's current technological assets, recommending future initiatives and providing trusted advisory services to IT and Business communities
• Coordinate development, maintenance and testing of business continuity/disaster recovery plans
• Support the IT Risk Governance Team on technology risk management according to the requirements from both HKMA and the Head Office
• Conduct technology risk assessment according to regulatory requirements and the bank's internal procedures
• Assist in developing security policy and procedure for IT risk monitoring and cybersecurity management
• Conduct user training on IT security

Skills on Resume: 

• Enterprise Risk Design (Hard Skills)
• Security Oversight (Hard Skills)
• Access Management (Hard Skills)
• Technology Optimization (Hard Skills)
• BCP Coordination (Hard Skills)
• Risk Governance Support (Hard Skills)
• Risk Assessment (Hard Skills)
• Security Training (Soft Skills)

Job Summary: 

• Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines
• Identifying improvement areas, registering risks and assisting with action plans to move processes to a higher level of maturity
• Define, manage, and drive metrics and a reporting framework that support data security reporting and metrics
• Partner with CIS team members and cross-functional stakeholders to develop and manage a KPI/KRI metrics and reporting for CIS
• Collect, analyze and produce customized reporting, provided to leadership across Technology, CISO and other members of senior leadership regarding the overall health of the information security program
• Demonstrate creativity in how Wellmark measures all aspects of data risk
• Assist with technology risk identification, assessments, response and action planning across all areas of Wellmark Technology
• Create processes to ensure data sources deliver information that is accurate and timely
• Collaborate with appropriate stakeholders to ensure data is complete and provide holistic reporting to enable business decisions and actions

Skills on Resume: 

• Security Assessment (Hard Skills)
• Risk Improvement (Hard Skills)
• Metrics Management (Hard Skills)
• KPI Development (Hard Skills)
• Data Reporting (Hard Skills)
• Risk Measurement (Soft Skills)
• Risk Identification (Hard Skills)
• Data Validation (Hard Skills)

Job Summary: 

• Performing the IT Risk Assessments of external suppliers/vendors to ensure that they have sufficient IT controls in place to prevent data leakage, tampering or destruction
• Ensuring that IT risk assessment methodology and processes are followed precisely, to the expected quality
• Reporting identified risks to the appropriate stakeholders
• Providing support to the required stakeholders in understanding and defining adequate mitigation actions to mitigate identified IT risks
• Providing advisory and risk opinion on risk identification and treatment
• Monitoring vendor assessment program progress and responding to the issues causing delays
• Initiating risk assessments for the other risk assessment teams and helping these teams complete their assessments within agreed SLAs
• Lead and coordinate ongoing compliance requirements and readiness checks, such as for PCI-DSS, across multiple areas and teams
• Track, maintain and report on remediation activities and ongoing status of assigned owners of all relevant IT and cybersecurity regulatory compliance, risk assessment issues, and audit findings (both internal and external)
• Assess and analyze identified and tracked risks to ensure appropriate risk levels, priorities, owners, issues and dependencies are clearly outlined and understood
• Ensure management responses are captured, reviewed, approved and accepted by all key stakeholders

Skills on Resume: 

• Vendor Assessment (Hard Skills)
• Risk Methodology (Hard Skills)
• Risk Reporting (Hard Skills)
• Mitigation Support (Soft Skills)
• Risk Advisory (Soft Skills)
• Program Monitoring (Hard Skills)
• Compliance Coordination (Hard Skills)
• Remediation Tracking (Hard Skills)

Job Summary: 

• Provide resolutions to controlling security risks and threats in IT environments
• Delivering training to staff on distributed information security administration procedures
• Investigate and recommend corrective actions for data security incidents to clients and project stakeholders
• Conduct vulnerability assessments, malware defense assessments and other information security routines consistently
• Identify regulatory changes that will affect information security policies, standards and procedures, recommending appropriate changes
• Identify, improve, and monitor GAM key IT risks and controls gaps in Business Continuity, Disaster Recovery, Incident Management, Asset Management, Supplier Management
• Determine, recommend, negotiate and manage necessary changes to policies, standards and procedures
• Work closely with the Application Custodians and other stakeholders in GAM Technology to ensure processes are done according to standard
• Gather information about GAM Technology processes and create and manage a knowledge library for GAM Technology consumption
• Provide leadership within the team, identifying work priorities and ensuring effective communication among team members and with external partners/stakeholders
• Educate business and technology teams on the importance of control strategies and frameworks

Skills on Resume: 

• Security Resolution (Hard Skills)
• Security Training (Soft Skills)
• Incident Investigation (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Regulation Monitoring (Hard Skills)
• Risk Monitoring (Hard Skills)
• Policy Management (Hard Skills)
• Stakeholder Coordination (Soft Skills)

Job Summary: 

• Provide assessment, monitoring and coordination support for Policies and Controls related risk activities for the entire BHE IT organization
• Perform or assist with Third Party IT Risk Assessments
• Perform or assist with IT Risk assessments on various assets both inside IT and in other departments
• Review and analyze the effectiveness of Black Hills Corporation’s IT control activities and report on them with actionable recommendations and findings
• Follow up on findings in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken
• Acts as risk management liaison with all levels of the IT organization and with the lines of business and other internal departments and organizations
• Conduct research and open source intelligence gathering on Shadow IT and Cloud Service Provider (CSP) services to identify threats to NOAA systems
• Perform data mining using various platforms
• Conduct risk assessment of various CSPs and identify services that the organization has not approved, but are still accessible and may pose a risk to the organization
• Identify, analyze, and interpret trends or patterns in complex data sets
• Work with IT, Cyber, Operations, and other personnel to prioritize business and information needs
• Locate and define new process improvement opportunities
• Interpret various types of data, analyze results and provide written reports

Skills on Resume: 

• Risk Coordination (Hard Skills)
• Third-Party Assessment (Hard Skills)
• Control Analysis (Hard Skills)
• Remediation Follow-Up (Hard Skills)
• Risk Liaison (Soft Skills)
• Threat Research (Hard Skills)
• Data Mining (Hard Skills)
• Trend Analysis (Hard Skills)

Job Summary: 

• Support the Annual IT SOX Effort and the annual Internal Audit Efforts 
• Working with Accounting, define the annual IT SOX audit plan and the Internal Audit Plan 
• Coordinate the scheduling of IT audits with Accounting, IT Management, Process Owners and other interested parties 
• Report interim and final audit findings and recommendations 
• Maintain open lines of communication with accounting, IT, and the business 
• Meet all internal and external audit deadlines 
• Operational Management Support of IT SOX and Cyber Security 
• Collaborate with process owners, Accounting, and Internal/External Audit, and other experts to manage tasks 
• Regularly evaluate new or revised processes/controls to ensure they are operating effectively 

Skills on Resume: 

• Audit Support (Hard Skills)
• SOX Planning (Hard Skills)
• Audit Coordination (Hard Skills)
• Findings Reporting (Hard Skills)
• Cross-Department Communication (Soft Skills)
• Deadline Management (Soft Skills)
• Control Evaluation (Hard Skills)
• Task Collaboration (Soft Skills)

Job Summary: 

• Obtain signoff from management of the revised processes within each manager’s area of responsibility 
• Maintain a library of project documentation 
• Prepare and deliver training workshops, sessions, materials, and presentations
• Assist process owners, employees, and management with the transition from old processes or controls to new ones 
• Regularly report progress to the management team, stakeholders and other parties
• Manages Patch and Vulnerability Team (PVT) efforts 
• Manages the Risk Assessments process 
• Monitors compliance with organization policies and standards
• Identifies opportunities that use information security methodologies and/or controls to improve processes, documentation, or other areas of security-related performance

Skills on Resume: 

• Process Signoff (Hard Skills)
• Documentation Management (Hard Skills)
• Training Delivery (Soft Skills)
• Process Transition (Soft Skills)
• Progress Reporting (Soft Skills)
• Vulnerability Management (Hard Skills)
• Risk Assessment (Hard Skills)
• Policy Compliance (Hard Skills)

Job Summary: 

• Work closely with IT stakeholders and the financial compliance group on adherence to SOX requirements as well as risks and controls for business-critical applications
• Build partnerships across the business to ensure the awareness of and achievement of the compliance road map on current and emerging regulations
• Work closely with IT Teams to identify risks associated with Baker Hughes' global operations
• Research current and emerging regulations that may impact Baker Hughes and propose approaches to meet those requirements
• Ensure ongoing compliance with Baker Hughes policies and standards in collaboration with internal teams
• Prepare compliance reports and status reports, identify issues and escalate through proper governance channels 
• Provide input and recommendations to incorporate /improve the design of controls within regulatory risk requirements and framework
• Identify control deficiencies and ensure appropriate remediation development for sustainability
• Assist in providing visibility to the overall risk posture and track the completion of regulatory risk requirements and controls to completion
• Support key business initiatives by identifying security and compliance-related risks
• Work with stakeholders to provide necessary information on cybersecurity and controls to satisfy RFP requests
• Communicate to management, through reports, presentations, metrics, and other documentation, the cybersecurity risks identified

Skills on Resume: 

• SOX Compliance Support (Hard Skills)
• Business Partnership (Soft Skills)
• Risk Identification (Hard Skills)
• Regulation Research (Hard Skills)
• Policy Compliance (Hard Skills)
• Compliance Reporting (Hard Skills)
• Control Improvement (Hard Skills)
• Risk Visibility (Soft Skills)