|
| POSITION DESCRIPTION |
NEW ZEALAND IT SPECIALISTS MARCH 2012 |
 |
| Position Title: |
IT Risk Manager |
| Position Code: |
36025 |
| Career Level: |
4 |
|
|
Responsible for
The measurement, reporting and control of risks associated with IT&T across the organisation.
|
| |
Reports To
Chief Security Officer (CSO), IT Operations Manager, may report outside of IT in some organisational structures.
|
| |
Supervises
May supervise a small team.
|
| |
Main Activities
Scheduling activities to ensure compliance with global and local milestones
Ensuring that the design documentation is maintained to accurately reflect the policies and procedures of the organisation's IT environment.
Reviewing of proposed projects to ensure compliance (e.g.- Sarbanes Oxley) is maintained when new systems, infrastructure and processes are implemented
coordination and potentially implementation of annual effectiveness testing program.
Random testing of control activities to check for possible gaps.
coordination of internal and external audit programs.
Scheduling and execution of regular IT disaster recovery testing in conjunction with the technology and systems support teams.
Evaluation of the proposed disaster recovery and business continuity programs for new systems implementations and major systems modifications.
|
| |
Key Skills
Demonstrated understanding and experience delivering programs to meet relevant statutory and organisational risk/compliance programs.
High level knowledge of IT risk assessment programs.
An understanding of various aspects of the Disaster Recovery position that apply to mainframe, mid range, LAN and associated networks.
Ability to lead, influence and motivate a small team of IT&T risk specialists.
High level of written skills in a variety of communication settings and styles.
|
| |
Internal Contacts
Business unit managers, regional IT support teams, Project Managers, Business Analysts, Disaster Recovery Specialists, IT Security, Internal Audit.
|
| |
External Contacts
External Auditors, Vendors
|
| |
Typical Experience
At least 5-7 years of experience in commercial IT audit/risk management. Desirable experience in both technical and business capacities coupled with tertiary level qualifications in Business, IT or a related discipline.
|
| |
Other Comments
|
| |
|
|
| |
