Job Description
Support the development and execution of the enterprise technology risk governance framework
Enhance and maintain IT risk management processes across people, process, and technology
Develop and report on key risk indicators (KRIs), KPIs, and SLAs for technology and information security risks
Prepare clear, executive-level reporting and presentations for senior leadership and C-suite audiences
Maintain and manage the IT risk register within the GRC platform (e.g., OneTrust, AuditBoard or similar)
Conduct Security Threat and Risk Assessments (STRAs) for new initiatives and technology implementations
Participate in third-party and supply chain cybersecurity risk assessments (TPRM)
Advise business and technology teams on risk mitigation strategies and compensating controls
Promote a strong risk-aware culture across the organization