Manager - Information Governance Risk

Profile

\u003cp\u003e\u003cstrong\u003eKEY ACCOUNTABILITIES:\u003c/strong\u003e\u003c/p\u003e
\u003cp\u003eAccountable for partnering with Information Governance Risk leadership to assist in developing and implementing a firm-wide Information Governance Risk Management Program that informs the firm’s information risk decisions by identifying, managing, reporting risks and working with risk owners and leadership to develop risk treat options. This includes risks related to security, privacy, retention and destruction of information in business process and systems, as well as business continuity and resilience risks. This position is responsible for identifying potential risks, documenting risks within a risk register, managing risks throughout the risk lifecycle, and developing and managing a comprehensive risk portfolio for the Firm. \u003c/p\u003e
\u003cul\u003e
\u003cli\u003eRisk Requirements:  Participate in internal audits of Information Risk Management Program and Information Governance audits throughout the firm.  Partner with Information Governance and IT leadership to incorporate audit findings into risk management policies and processes as needed.\u003c/li\u003e
\u003c/ul\u003e
\u003cul\u003e
\u003cli\u003eIdentify Risks: Conduct risk assessments of legacy systems and business processes to ensure they are evaluated against the firm’s current requirements and recommend mitigation plans to address gaps in compliance.  Partner with IT leadership and Attorney or Corporate leadership to understand changing or new IT systems or business processes in order to evaluate information governance risks.  Develop recommendations for requirements or mitigation plans to ensure the changes or new systems / processes align with the firm’s risk strategies and tolerance.\u003c/li\u003e
\u003c/ul\u003e
\u003cul\u003e
\u003cli\u003eRisk Register: Lead collaborative discussions with Information Governance leadership, IT leadership, Client Originating Attorneys, and Corporate leadership to identify activities carried out by the firm that create information risk.  Evaluate those risks based on identified requirements and the firm’s established risk tolerance.  Recommend whether the firm should avoid, mitigate, accept, or transfer risks.  Manage process to regularly review documented risks to ensure they have not changed in a manner that would require the firm to re-evaluate prior risk decisions.  Manage an up to date log of all information risks, both business process and systems related.   \u003c/li\u003e
\u003c/ul\u003e
\u003cul\u003e
\u003cli\u003eRisk Portfolio: Manage a risk portfolio that provides an aggregate view of the firm’s information risks for business processes and systems.  Partner with Vendor and Client Assessment analysts to identify and document risks from third parties the firm conducts business with.  Monitor external tools that assess the firm’s Information Governance Program and IT Security. Identify projects to improve the firm’s score and partner with leadership to prioritize and complete projects. \u003c/li\u003e
\u003c/ul\u003e
\u003cp\u003ePartner with the Sr. Manager Controls and Audits to ensure risk assessments are conducted based on current controls documented in the Governance, Risk, and Compliance tool.  Ensure audit findings are incorporated into risk assessments and mitigation plans as needed.\u003c/p\u003e
\u003cp\u003eMaintain up-to-date knowledge of industry standards and best practices for risk management. \u003c/p\u003e
\u003cp\u003eSupport the Information Governance team with other projects, as needed  \u003c/p\u003e
\u003cp\u003ePerform such other/additional duties as may from time to time be assigned.\u003c/p\u003e
\u003cp\u003e\u003cstrong\u003eTECHNICAL SKILLS AND COMPETENCIES REQUIRED:\u003c/strong\u003e\u003c/p\u003e
\u003cp\u003eEstablished knowledge of information risk management industry standards including ISO, NIST, HiTrust, etc.\u003c/p\u003e
\u003cp\u003eDemonstrated ability to identify business processes owned by team, evaluate processes against information risk management industry standards and identify, define and document process improvements. Ability to identify technology needs to support processes.\u003c/p\u003e
\u003cp\u003eDemonstrated ability to execute multiple projects against competing timelines while maintaining quality standards.\u003c/p\u003e
\u003cp\u003eDemonstrated ability to provide a high level of customer service, which meets team service standards and user expectations.\u003c/p\u003e
\u003cp\u003eDemonstrated ability to develop productive operational partnership with direct reports, peers, Client Originating Attorneys, Corporate Leaders, and key program partners such as IT and the Information Governance team.\u003c/p\u003e
\u003cp\u003e\u003cstrong\u003eEDUCATION AND CERTIFICATIONS: \u003c/strong\u003e \u003c/p\u003e
\u003cp\u003eRequired: Bachelor’s degree with CISSP, CRISC, etc.\u003c/p\u003e
\u003cp\u003e\u003cstrong\u003eEXPERIENCE REQUIRED:\u003c/strong\u003e\u003c/p\u003e
\u003cp\u003e5-7 years of applied work experience in the Risk Management field.\u003c/p\u003e,EqualOpportunityEmployerDescription:null,PayTransparencyPolicyStatement:null,MatchScore:1.0,HasApplied:false,ApplicationJobBoardName:null,ApplicationJobBoardId:null,DateApplied:null,Salaried:true,CompensationAmount:null,PublishingStatus:1,Links:[],BehaviorCriteria:[],MotivationCriteria:[],EducationCriteria:[],LicenseAndCertificationCriteria:[],SkillCriteria:[],WorkExperienceCriteria:[],JobBoardMemberships:[{JobBoardId:2e3d7edd-7174-48cf-a542-539119bbcf9f,PublishedInternal:true,PublishedExternal:false,ExternalPostedDate:null,InternalPostedDate:2021-07-16T00:06:13.411Z},{JobBoardId:631c7b72-f9c7-4adf-9109-9967ce8334e4,PublishedInternal:true,PublishedExternal:true,ExternalPostedDate:2021-07-16T00:06:13.411Z,InternalPostedDate:2021-07-16T00:06:13.411Z}],AssessmentUri:null,AssessmentStatus:null,OpportunityIsClosed:false,TravelRequired:null,TravelDescription:null,SupervisorName:null,Assessments:[],ApplicationId:null,CompensationAnnualMinimum:null,CompensationAnnualMaximum:null,CompensationHourlyMinimum:null,CompensationHourlyMaximum:null,CompensationCurrency:null});

Company info

Littler Mendelson P.C
Website : https://www.littler.com/