Job Purpose
The Manager, Information Risk is responsible for developing, implementing, and managing the group’s information risk management framework. This includes identifying, assessing, mitigating, and monitoring information-related risks, and ensuring appropriate controls on data flows from source systems to the data warehouse/data lake across IT systems. The role works closely with IT, Security, Audit, and Business teams to ensure that information assets are adequately protected, regulatory compliance is maintained, and risk postures align with the organization’s strategic objectives and risk appetite.

Job Responsibilities / Accountabilities

Data Governance

• Map end-to-end data flows within the group’s systems and ensure the necessary controls are in place for completeness and accuracy of data.
• Implement and maintain the group’s data and information risk management framework, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, COBIT) and regulatory requirements.
• Integrate information risk management activities into the broader enterprise risk management (ERM) framework.

Risk Identification & Assessment

• Conduct comprehensive information risk assessments (including IT, cybersecurity, and data privacy risks) across systems, applications, processes, and third-party relationships.
• Identify potential threats, vulnerabilities, and their impact on information assets.
• Facilitate risk workshops and interviews with stakeholders to gather risk intelligence.

Risk Mitigation & Treatment

• Develop and recommend risk treatment plans, controls, and countermeasures to mitigate identified risks to acceptable levels.
• Collaborate with IT, Security, and Business teams to implement mitigation strategies and track their effectiveness.
• Assist in developing business continuity and disaster recovery plans related to information risk.

Risk Monitoring & Reporting

• Manage key risk indicators (KRIs) and metrics to continuously monitor the group’s information risk posture.
• Prepare and present regular, clear, and actionable risk reports to senior management, risk committees, and the Board as required.

Compliance

• Ensure compliance with relevant information security, data privacy, and industry-specific regulations.

Third-Party Risk Management

• Lead the assessment of information risks associated with third-party vendors, suppliers, and service providers.
• Oversee third-party risk assessment processes, including security reviews and contractual compliance checks.

Awareness & Training

• Contribute to the development and delivery of technology, information, and cybersecurity risk awareness and training programs.
• Promote a strong risk culture across the organization.

Qualifications

Required Skills and Qualifications

• Education: Master’s or Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or Data Science.
• Preferred certifications (one or more): Certified Data Management Professional (CDMP), CRISC, CISM, CISA, CISSP, GRCP, relevant cloud security certifications (e.g., AWS Security, Azure Security).
• Minimum 5+ years of progressive experience in Information Risk Management, Cybersecurity, IT Audit, or IT Governance within a complex organizational environment.
• Experience in the financial services industry is highly preferred due to its regulatory landscape.