In this role, you will be part of ETRM US and support the legal entities in Europe in their technology risk management. The role will be based in Quincy, Massachusetts and you will work in close coordination to support the ETRM EMEA team.
General Roles and Responsibilities
Contribute to the development and implementation of the IT Risk Strategy, Governance model and framework in EMEA.
Governance and Oversight:
Drive effective implementation and communication of all Technology risk management policies and guidelines.
Establish local policies and guidelines (as required) to meet regulatory requirements.
Provide materials for the ETRM EMEA team to enable proper communication with regulators on the IT risk program as required.
Provide direction, support and oversight with respect to management of security and technology risks of core systems and applications.
Provide IT risk management consulting to the business, technical and operations groups.
Identification and Assessment:
Develop an understanding of the organization's strategy, critical success factors, risk profile and potential security or technology exposures.
Provide increased transparency and visibility to critical IT risks and prioritize remediation initiatives and related funding needs.
Proactively identify potential risk exposures within new technology solutions being designed and implemented, and partner with Technology and Application Development teams, Continuity teams and Corporate Security groups to implement appropriate solutions to mitigate exposure.
Oversee risk and vulnerability assessments of the business systems and applications, and facilitate compliance/control reviews and associated remediation efforts.
Utilize available risk management tools in conjunction with other environmental changes to proactively monitor the Technology control environment and identify and address potential weaknesses and/or gaps in a timely manner.
Keep abreast of new products, services, technologies and applications as well as their respective impact on the organization's risk profile.
Participate in due diligence efforts for new clients, vendors and M&A activity, as needed.
Monitoring, Analysis, Reporting and Escalation:
Assist business lines in implementing effective technology risk management best practices by developing and establishing continuous risk identification, measurement, management, control and reporting.
Provide ongoing assessment of the Technology Risk Profile through regular status reporting of risk issues and initiatives.
Develop effective Technology risk reporting and other communication channels to ensure timely escalation of significant risk issues.
Serve as liaison with other Risk disciplines, internal departments, Regulators and other external parties.
Serve as a subject matter expert in technology risk, controls, compliance, and information security best practices.