Role Introduction
Reports to: IT Risk and Security Manager
The role of a senior lead in IT Risk management is to own, develop, assess and continuously monitor the end-to-end IT risk management process in the organisation. The role is hands-on in assessing and evaluating risks, advising on risk responses and mitigation steps, reporting, and ensuring that the risk posture improves with low exposure to risk. Must have excellent quantitative and analytical skills, along with the ability to apply those skills across a variety of business processes.
Key Responsibilities
- Designing and implementing an overall risk management process for the organisation, which includes an analysis of the impact on the company when risks occur
- Performing a risk assessment: Identifying potential risks and analysing risks that are affecting the company
- Performing a risk evaluation: Evaluating the company’s previous handling of risks, and comparing potential risks with criteria set out by the company such as costs and legal requirements, also taking into account current and implemented controls
- Developing proposed responses, to include recommendations for corrective actions and mitigations
- Performing risk response, taking into account the cost of the response to reduce risk within the tolerance level, the risk rating, and the feasibility and effectiveness of the response
- Establishing the level of risk the company is willing to take
- Maintaining ongoing risk monitoring with the risk owners for the latest developments in mitigation status and timelines
- Regular reporting to leadership on the latest IT risk registration, review and closure
- Risk reporting tailored to the relevant audience (educating all levels of risk owners about the most significant risks to the business; ensuring risk owners understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks)
- Building IT risk awareness amongst staff by providing support and training within the company
- Work closely with extended teams such as security operations and assurance to provide the necessary support in risk assessments and the required guidance on mitigation
- Own and maintain tools used for Risk Management
Requirements
- Minimum 10 years’ solid working experience in the IT industry, with the last 3 years in lead positions
- Tertiary education is desirable
- Security certifications such as CRISC or CISSP are preferred
- Collaborating with leadership to determine and document the organization’s level of risk tolerance
- Familiar with IT Risk management tools
- Ability to make timely and efficient decisions.
- Capturing, understanding, and explaining the risk to stakeholders across the organization
- Tailoring risk reports to the relevant audience
- Excellent verbal and written communication skills across internal and external organizations.
- Ability to prioritize and manage several projects or priorities simultaneously.
- Strong interpersonal skills and the ability to interface with all levels
- Make an active contribution to developing IT risk management
- Promote risk management within IT and the business units (BU)
- Provide support to all team members
- Knowledge of project management practices and ITIL processes
- Strong acumen in vendor management and stakeholder management
- Practical Project Management experience on traditional waterfall and agile development life cycles
- Strong problem solving and analytical skills
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.