Information Risk Management Senior Specialist

NN HAYAT VE EMEKLİLİK ANONİM ŞİRKETİ

• Advanced level in English language,
• Adhering to principles & values
• Writing & Reporting
• Applying Expertise &Technology
• Analyzing
• Planning & Organizing
• Delivering Results & Meeting Customer Expectations
• Achieving Personal Work Goals and Objective

Job Description

IT risk management activities are coordinated through this role. It includes the coordination of IT policy drafting and scheduled review. IT Risk is responsible to maintain the IT Risk Framework and its associated controls and reporting. This role is responsible to evaluate overall information technology risk, maintain an active view, and report on the actual, mitigated and residual risk in the technology organization. All compliance closure activities are coordinated through this role, including the control and actual submissions for closure.

• Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
• Create and maintain a risk register to ensure that all identified risk factors are accounted for.
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
• Analyse risk scenarios to determine their impact on business objectives.
• Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
• Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
• Ensure that all IT policies and procedures are compliant with NN-Group and regulatory requirements.
• Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment
• Review risk responses with the relevant stakeholders for validation of efficiency and effectiveness
• Assist in the development of risk response factors identified in the organizational risk profile.
• Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
• Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
• Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
• Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls
• Collect information and review documentation to identify information systems control deficiencies.
• Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.
• Ensure that all IT policies and procedures are compliant with regulatory requirements
• Contribute to the development and maintenance of the enterprise-wide business continuity management program including: development of tools and instructional guides for both business
• Contribute to establishing and maintaining program processes and practices which effectively ensure that the enterprise program remains current, and incorporates/aligns with industry standards and practices as appropriate, and adequately covers general regulatory requirements.