IT Risk Management Lead
Cathay Pacific
- Tung Chung, Hong Kong
- Permanent
- Full-time
- Designing and implementing an overall risk management process for the organisation, which includes an analysis of the impact on the company when risks occur
- Performing a risk assessment: Identifying potential risks and analysing risks that are affecting the company
- Performing a risk evaluation: Evaluating the company’s previous handling of risks, and comparing potential risks with criteria set out by the company, such as costs and legal requirements, while also considering current and implemented controls
- Developing proposed responses, to include recommendations for corrective actions and mitigations
- Performing risk response, taking into account the cost of the response to reduce risk to within the tolerance level, the risk rating, and the feasibility and effectiveness of the response.
- Establishing the level of risk the company is willing to take
- Maintaining ongoing risk monitoring with the risk owners on the latest developments in mitigation status and timelines.
- Regular reporting to leadership in terms of the latest IT risk registration, review and closure.
- Risk reporting tailored to the relevant audience. (Educating all levels of risk owners about the most significant risks to the business; ensuring risk owners understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks)
- Building IT risk awareness amongst staff by providing support and training within the company
- Work closely with extended teams such as security operations and assurance to provide necessary support in risk assessments and required guidance on mitigation
- Own and maintain tools used for Risk Management
- Minimum 7 years’ solid working experience in the IT industry and at least 3 years in the Risk Management area
- Lead small teams
- Ability to make timely and efficient decisions.
- Tertiary education is desirable
- Security certifications such as CRISC, CISSP are preferred
- Collaborating with leadership to determine and document the organization's level of risk tolerance
- Familiar with IT Risk management tools
- Capturing, understanding, and explaining the risk to stakeholders across the organization
- Tailoring risk reports to the relevant audience
- Excellent verbal and written communication skills across internal and external organizations.
- Ability to prioritize and manage several projects or priorities simultaneously.
- Strong interpersonal skills and the ability to interface with all levels
- Make an active contribution to developing IT risk management
- Promote Risk management within IT and BU
- Provide support to all team members
- Knowledge of project management practices and ITIL processes
- Strong acumen in vendor management and stakeholder management
- Practical Project Management experience with traditional waterfall and agile development life cycles
- Strong problem solving and analytical skills
CTgoodjobs