The Risk and Audit Manager for Technology is responsible for developing and implementing risk management and audit programs to ensure the security, compliance, and resilience of our technology infrastructure.
He/She will be the main point person in the conduct of any risk/audit assessment of the Technology Team. He/She will also be appointed as DCORO for Technology.
Risk Management:
• Conduct comprehensive risk assessments of technology systems, identifying potential vulnerabilities and threats.
• Develop and implement risk mitigation strategies and action plans.
• Collaborate with technology leaders to integrate risk management into project planning and execution.
Audit Planning and Execution:
• Develop and maintain an annual technology audit plan in alignment with organizational objectives and regulatory requirements.
• Conduct self/internal audits of technology processes, controls, and systems.
• Coordinate and liaise with internal audit and external audit firms as needed.
• Ensure technology operations comply with relevant laws, regulations, and industry standards.
• Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.
• Develop and deliver compliance training to technology teams.
Incident Response and Continuity Planning:
• Collaborate with the technology and security teams to develop and implement incident response plans.
• Participate in post-incident reviews and identify areas for improvement.
• Contribute to the development and testing of business continuity and disaster recovery plans.
Documentation and Reporting:
• Maintain accurate and up-to-date documentation of risk assessments, audit findings, and remediation plans.
• Prepare and present reports to technology leadership and other relevant stakeholders.
• Track and report on the status of risk management and audit initiatives.
Advanced certifications such as CISA, CISSP, or CRISC are a plus.
Proven experience (> 5 years) in risk management, internal audit, or a related field within the technology sector.
In-depth knowledge of technology risk, cybersecurity, and regulatory compliance.
Strong analytical and problem-solving skills.
Excellent communication and interpersonal skills.
Familiarity with industry frameworks and standards (ISO 27001, NIST, etc.).