Senior Manager, IT Risk Management

UK Remote - Lodging, United Kingdom


Corpay

A global leader in business payments and expense management

Your role: Senior Manager, IT Risk Management

What you'll be doing

Role Responsibilities

In this role you will get an opportunity to manage the IT Risk Management program that supports IT Audits, IT Risk, Business Continuity planning, Vendor compliance, and Information Security control assessments, while working closely with key constituents including GRC team members, Information Security, Product SMEs, Regulatory, Legal, Privacy and Audit.

The Senior Manager of the IT Risk Management program is responsible for managing internal and external audits and assessments, being the interface between auditors and technical teams, and interacting with information security and other IT teams to ensure that IT-implemented solutions are compliant with corporate policies and regulations. The role is also responsible for monitoring remediation of audit findings through to completion.

The responsibilities of the role will include:

  • Lead and guide a team of analysts in the execution of the IT Risk Management program to manage risk and meet audit requirements on specified timelines.
  • Foster strong partnerships with internal and external audit or assessment partners, facilitating audit activities and ensuring effective coordination and communication.
  • Co-ordinating timely responses to the internal, external and regulatory audit requests including SOX and SOC1.
  • Performing business impact analysis, implementing and coordinating disaster recovery planning and disaster recovery exercises.
  • Conducting risk assessments and supporting the stakeholders in determining the appropriate treatment of identified risks; identifying appropriate action plans for risk remediation.
  • Supporting the stakeholders in understanding and applying IT risks, security best practices and processes framework.
  • Inventory, assess significance, assign accountability, and develop appropriate monitoring for the control environment.
  • Administration and implementation of IT policies, procedures, guidelines and standards.
  • Conducting IT compliance reviews including user access reviews, risk assessments, control objectives monitoring, and vendor assessments.
  • Liaise with the Regulatory Affairs team to identify IT compliance requirements and assist with creation and maintenance and coordinate IT responses to regulatory audits.
  • Maintain the information security risk register, risk exception process, and manage the team conducting information systems risk assessments.
  • Manage the Business Continuity and Disaster Recovery program administration including conducting impact assessments, disaster recovery plans development and coordinating disaster recovery exercises.

Qualifications & Skills

  • 6+ years of experience in IT audits, risk and compliance is required, preferably within financial services.
  • Experience with auditors and the evidence collection process
  • Familiarity with IT systems threat/risk assessments, IT audits and regulatory compliance such as SOC1/2, SOX, and GDPR would be an asset
  • Knowledge of regulatory and industry standards such as ISO27002, COBIT, GDPR and other security frameworks.
  • Thorough understanding of information systems and networks and all areas of Information Security including data protection, incident management, and vulnerability management.
  • Hands-on knowledge of development and management of business continuity and disaster recovery planning
  • Excellent analytical skills with the ability to assess complex problems and develop practical solutions
  • Information security certifications e.g. CISA, CISM, CRISC, CGEIT, CISSP or GIAC
  • Solid interpersonal and verbal/written communication skills
  • Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization
  • Ability to thrive in a fast-paced, dynamic environment and manage multiple priorities effectively
  • Strong organizational and administrative skills including ability to organize, plan and schedule activities.
  • Self-motivated professional, able to deliver objectives with minimal supervision.
  • Ability to work independently and lead a team.

About Corpay

Corpay is a global technology organisation that is leading the future of commercial payments with a culture of innovation that drives us to constantly create new and better ways to pay. Our specialized payment solutions help businesses control, simplify, and secure payment for fuel, general payables, toll and lodging expenses. Millions of people in over 80 countries around the world use our solutions for their payments.

All offers of employment made by Corpay (and its subsidiary companies) are subject to the successful completion of satisfactory pre-employment vetting by an independent supplier (Experian). This is in accordance with Corpay's Resourcing Policy and includes employment referencing, identity, adverse financial, criminal and sanctions list checks. We do this to meet our legal and regulatory requirements.

Corpay is dedicated to encouraging a supportive and inclusive culture among our employees. It is within our best interest to promote diversity and eliminate discrimination in the workplace. We seek to ensure that all employees and job applicants are given equal opportunities.

Notice to Agency and Search Firm Representatives: Corpay will not accept unsolicited CVs from agencies and/or search firms for this job posting. Resumes submitted to any Corpay employee by a third-party agency and/or search firm without a valid written and signed search agreement will become the sole property of Corpay. No fee will be paid if a candidate is hired for this position as a result of an unsolicited agency or search firm referral. Thank you.


Tags: Audits CISA CISM CISSP COBIT Compliance CRISC GDPR GIAC ISO 27002 Monitoring Privacy Risk assessment Risk management SOC 1 SOX Vulnerability management

Perks/benefits: Career development

Regions: Remote/Anywhere Europe
Country: United Kingdom
