Strong Information Technology, Information Security and Third-Party Risk Management is critical to the integrity of our business, and maintaining controls and governance over these areas is essential for success.
Genworth is currently seeking a Senior Enterprise Risk Manager – IT, IT Security and Third Party. The Senior Enterprise Risk Manager – IT, IT Security and Third Party, will provide risk oversight for key functional areas of the business to ensure the strategic vision of the organization is developed and executed with consideration for the risks involved, and ensure proactive management of IT, IT Security and Third-Party risk in the organization.
The Senior Enterprise Risk Manager – IT, IT Security and Third Party, will assist in ensuring that company policies and risk tolerances are followed and that appropriate risk management activities are conducted; develop and manage processes, standards and procedures to ensure business operations are conducted in compliance with appropriate risk limits and tolerances and are managed through proper risk governance; and assist in implementing all necessary actions to ensure achievement of the objectives of an effective operational risk management program.
• Ensure execution of the enterprise-wide risk assessment framework as it pertains to IT/IT Security/Third-Party Risks, Controls, and overall Governance activities
• Ensure appropriate inventories of IT/IT Security/Third-Party Risks and controls are maintained.
• Review and discuss the outputs of these inventories on a regular basis to ensure consistency and understanding of aggregated risk to the individual business units and the enterprise.
• Proactively understand, assess and document key IT/IT Security/Third-Party risks and controls across technology and information security domains
• Integrate appropriate regulatory requirements into the risk assessment and reporting processes. Support regulatory control monitoring and oversight as required.
• Ensure regular governance activities relating to IT/IT Security/Third-Party Risk are conducted in accordance with Genworth policies and procedures.
• Provide risk oversight to various teams within the organization to ensure the strategic vision of the firm, as well as all attendant policies and procedures, are adhered to in a consistent fashion across the enterprise.
• Work proactively with the businesses in the management of IT/IT Security/Third-Party Risk to help run the businesses more efficiently and to assure best market practices are employed by Genworth.
• Maintain the framework to review and assess IT/IT Security/Third-Party Risks with quantifications implemented in a consistent fashion enterprise-wide.
• Develop and maintain risk reporting, dashboards and heat maps to be utilized with the Board, senior management, the businesses and various external constituents.
• Monitor and report risk exposure in the business lines and provide guidance to senior management on risk triggers, limits and actions.
• Work with the Director, IT and Third-Party Risk Management to review and improve policies, best practices and governance.
• Act as an independent review and evaluation body to ensure that risk management issues/concerns are being appropriately evaluated, investigated and resolved through tests of controls and the risk assessment framework.
• Partner with all assurance partners on matters relating to IT/IT Security/Third-Party Risks.
• Bachelor’s degree in information technology, business or related fields or equivalent demonstrated experience
• 10+ years of business or risk experience, including broad management roles
• 6+ years of experience with information security, business continuity and disaster recovery risk management
• Experience with an information technology risk management framework such as: ISO 2700x, NIST SP 800-53, or COBIT
• Current security or risk certification, such as: CRISC, CISSP, CISA or GIAC
• Strong communications skills, with the technical ability to challenge risk & business professionals as well as the ability to convey risk exposure and requirements to business leadership
• Strong ability to interact with members of the senior leadership team, including clear communication and the ability to respond well to questions and feedback in real time.
• Demonstrated leadership and management capabilities in a leadership role, specifically in the area of Information Technology, Information Security and Third-Party Management, with the ability to work effectively across multiple functions.
• Knowledge of regulatory and compliance requirements including: HIPAA and HITECH, Sarbanes-Oxley, GLBA, and PCI.
• Ability to work effectively in a team environment that presents a high degree of subjectivity and change.
• Strong business acumen with strategic business mindset
• Skilled networker who actively seeks to identify new business opportunities and builds relationships
• Superior customer service skills demonstrating diplomacy, clarity and influence
• Experience as an auditor or risk assessor as a primary responsibility
• Experience conducting information security and business impact assessments
• Experience with various industry frameworks
• Experience with Quantitative Risk Analysis
• Strong communication skills and ability to build and maintain positive relationships
• Proven leadership and management skills.
• Excellent influencing and negotiation skills across diverse business and work cultures.