Business Information Risk Advisor
The Information Risk Management (IRM) function is accountable for information risk and information security in the RDS Group, operating as an independent function within the Group's IT function.
The Business Information Risk Management team is accountable for Information Risk Management (including the GRA activities that moved to IT) and Assurance activities, enabling the Business to have risk-based information security protection and the ability to take on future business opportunities in a secure manner. The team will have a level of independence to deliver its accountabilities within Business IT on behalf of the IRM function.
The IRM Advisor Business IRM works closely with the Business IRM Manager and LOB IRM Managers and the IRM Capability engine to support risk engagement activities with the Business, Business Interface, Business IT and IT Delivery teams, according to the IRM function’s strategies, standards, processes, guidelines and governance.
As an integral part of the Business IRM team, the Advisor translates Business IRM requirements and demand into services available from the IRM Capability engine and vice versa, ensuring that Business IRM and the IRM Capability engine fully leverage each other.
The IRM Advisor works closely with the LOB IRM Manager and the IRM natural team to support risk engagement activities with the Business, Business Interface, Business IDT and IDT Delivery teams, according to the IRM function’s strategies, standards, processes, guidelines and governance.
• Responsible for raising awareness and understanding of risks and threats to the Business and IDT community.
• With the LOB IRM Manager, co-drives assurance of activities in Business IDT groups against the appropriate IRM strategies, standards, guidelines, policies and security behaviors.
• Provides hands-on guidance on Business adoption of the correct IRM behaviors within the Line(s) of Business on behalf of IRM and the IDT function.
• Proactive, dynamic engagement with Business IDT to ensure the right IRM requirements are understood and adopted.
• Acts as Information Risk advisor to the LOB IDT natural team. Supports the LOB IRM Manager’s engagement with the Line(s) of Business IDT General Managers and respective IDT Managers on all information risk matters, management in control status reporting (including all assurance inputs, risk reporting, Line(s) of Business BACs (Business Assurance Committees)) and interface with key assurance stakeholders.
• Active and participating member of LOB IDT natural teams, contributing to decisions on behalf of the function, according to strategies, guidelines, standards, policies, processes and behaviors. Provides details or prepares risk acceptance requirements within the business.
The IRM Advisor role requires a good understanding of Information Risk and Cyber Security, and the ability to translate it into language that is appropriate for the stakeholder community, specifically:
• Minimum experience in Information Risk Management - 8+ years. CISSP, CISA, CRISC or CISM (must have any).
• Good understanding of, and experience with, Information Risk Management, Audit (internal and external), and Business (IT) Controls.
• Solid understanding of internal and external IT security standards, and relevant legal compliance aspects.
• Basic understanding of, and experience with, the impact of IRM on application development and operations as well as the IT Infrastructure.
• Solid understanding of business processes for that particular Business IDT.
• Ability to balance IRM needs and standards in light of risk and affordability to the Business as well as business impact.
• Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
• Ability to interface with different groups (Business and IDT) internal and external to IDT (security) and to network globally across Group businesses, as well as with external groups.
• Candidate must also:
• Display strong communication and influencing skills
• Display excellent analytical and problem-solving skills
• Be proactive and self-motivated
• Display strong interpersonal and negotiating skills with all levels of staff.