Domaine: Systèmes d'Information

Type d‘emploi: Temps plein

Ville: Shanghai - Shanghai

Pays/Région: China

The role of IT Risk Manager is responsible for identifying, assessing, evaluating and monitoring the IT risks within the information technical team by covering all relevant functions of IT team like the infrastructure team, digital team, IT retail team and employee experience team etc. to enable the enhancement of the overall security posture of the organization.
This role work closely with a wide range of audiences which include by not limited to: chief information security officer, infrastructure team, digital team as well as the end users from business etc. The major directive of this position is to identify and report information technology risks to senior management team where necessary.
-Enable the risk enabled environment, develop a risk awareness program and conduct training to ensure that all stakeholders understand the risk and contribute to the risk management process and to promote a risk-aware culture;
-Identification of information technology risks, communication and development of “best practice” solutions, and implementation of mitigating controls which consistent with company strategy;
-Development, implementation and enforcement of information security governance including policies, standards and procedures in collaboration with HR and Legal team where necessary;
-Ensure that the IT assets and services are secure, ranging from mobile devices, desktops, servers and applications to networks through the implementation of best-in-class security measures;
-Act as the IT liaison to lead communications with internal and external auditors and ensure compliance;
-Development, execution and monitoring of disaster recovery plans for all critical IT assets throughout the organization;
-Selection and management of external security management vendors and service providers to support security planning and implementation as organizational needs and resource levels required;
-Create and maintain a risk register to ensure that all identified risk factors are accounted for, and establish the benchmark as well as the information technology risks reporting dashboard in terms of highlight the risk profiles for countries;
-Assist with providing subject matter expertise within the information technology operational risk management framework and the vendor risk assessment framework;
-Validate the risk appetite and risk tolerance level with senior leadership and key stakeholders to ensure alignment;
-Responsible for various risk management projects as assigned from whatever from zone and/or global.