Information Security Risk Manager

Job Title: Information Security Risk Manager (Risk Advisor)

Job Type: Full-Time/Contract - 2 years (renewable)

Location: Trinidad and Tobago/Fully Remote

Role Summary:

Provide Information Security & Technology Risk Management consulting services to Project teams based on Risk Management processes and procedures. Participate in Project meetings, Security Reviews, Walkthroughs, and Risk Assessments.

Key Responsibilities:

Review and interpret requirements documentation, architecture diagrams and solution designs to help determine the feasibility of a project and its security risk. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape

Assess applications, infrastructure, business units, business processes and external suppliers for information security risks, identifying the potential threats and exposures

Examine and interpret requirements documents, architecture diagrams, solution designs and other written and verbal information to determine if a project, application, infrastructure or external supplier presents security risk to premium bank.

Work with third party teams and internal development groups to interpret and review results from penetration tests on internet-facing applications as needed.

Work with the required teams to ensure that code scans are completed for all new or modified code deployments

Track to completion, issues raised during the risk management reviews (TRA / ISA / PEN test / CIRA, Code scans/PIRT). Ensure as necessary the logging of identified issues as deficiencies, if mitigation will not be possible prior to project implementation and the associated risk is within the Banks risk appetite.

Collaboration with relevant teams will be required.

Provide Information Security risk consulting services to projects; to ensure all information security policies, standards and processes are embedded in the designed and delivered solutions.

Any other related requests from Senior Management

In consultation with the senior manager, develops a risk-based schedule for business as usual (BAU) baseline risk assessments; collaborating with respective technology and business owners to mitigate any significant issues identified.

As requested by senior manager, reviews all contract and third-party arrangements to ensure that information security policies are adhered to, and that sufficient security protection will be afforded to information assets.