The Technology Risk Assurance Manager, is responsible for leading the assessment, management, and mitigation of technology-related risks across the organization. This role oversees the design and execution of risk assurance programs, including IT risk assessments, control evaluations, compliance reviews, and audit activities. The Senior Manager will work closely with business and technology leaders to ensure robust risk management practices, promote a strong control environment, and support regulatory compliance.
Key Responsibilities
Technology Risk Management
- Lead the identification, assessment, and monitoring of technology risks, including cybersecurity, data privacy, IT operations, and third-party risks.
- Develop and maintain a comprehensive technology risk framework aligned with industry standards and regulatory requirements.
- Collaborate with IT and business units to embed risk management practices into technology projects and operations.
Risk Assurance and Control Evaluation
- Plan, coordinate, and execute technology risk assurance activities such as IT audits, control testing, and compliance reviews.
- Evaluate the design and operating effectiveness of IT controls, including access management, change management, incident management, and system development lifecycle controls.
- Provide actionable recommendations to address control gaps and improve risk posture.
Leadership and Stakeholder Engagement
- Manage and mentor a team of risk and assurance professionals, fostering a culture of continuous improvement and professional development.
- Serve as a trusted advisor to senior management and key stakeholders on technology risk matters.
- Facilitate risk workshops, training sessions, and awareness programs to enhance risk understanding across the organization.
Regulatory Compliance and Reporting
- Ensure technology risk and assurance activities comply with relevant laws, regulations, and industry standards (e.g., SOX, GDPR, ISO 27001, NIST).
- Prepare and present risk assessment reports, audit findings, and status updates to senior leadership and audit committees.
- Support external audits and regulatory examinations related to technology risk and controls.
Continuous Improvement and Innovation
- Stay abreast of emerging technology risks, trends, and best practices to enhance the organization's risk management capabilities.
- Drive the adoption of risk management tools, automation, and analytics to improve efficiency and effectiveness.
Qualifications and Skills
- Bachelor's degree in Information Technology, Computer Science, Risk Management, or related field. Advanced degree or professional certifications preferred.
- Minimum 7-10 years of experience in technology risk management, IT audit, or IT assurance roles, with at least 3 years in a leadership capacity.
- Strong knowledge of IT risk frameworks, control standards, and regulatory requirements.
- Experience with risk assessment methodologies, audit planning, and control testing.
- Excellent leadership, communication, and stakeholder management skills.
- Relevant certifications such as CISA, CRISC, CISSP, CISM, or CPA are highly desirable.
