Information Risk Management Lead

The Information Risk Management (IRM) Lead will develop and lead a strong and credible IRM program to enable UBX to comprehensively identify, assess, mitigate, monitor and report information risks. As the IRM Lead, you will be part of the Risk and Compliance Team and will be responsible for developing and defining the information risk management framework and policy, and for providing oversight, review and effective challenge of risk management activities owned and managed by the business. You will report to the Chief Risk and Compliance Officer and will maintain responsibility over a core component of UBX’s Risk and Compliance Program, covering all the domains of information risk: information security, technology risk management, and business continuity.

Responsibilities 

  • Lead UBX’s Information Risk Management Program, including the development and maintenance of information risk policies, manuals and standards.
  • Collaborate and develop robust relationships with leadership and key stakeholders in UBX’s chapters and ventures to enable the effective understanding and management of information risks. These stakeholders include venture leads, Chief Technology Officer, Chief Data Officer, Chief Operations Officer, Head of Technology Operations, scrum masters, and risk champions.
  • Work closely with the Risk Management and Compliance Teams to ensure close coordination of information risks across all risk management, compliance, and privacy programs.
  • Report to the Risk Management Committee and the Board on the company’s information risk profile and assessment of key risks and emerging trends across chapters and ventures.
  • Perform independent review of information risk assessments and venture pre-launch compliance.
  • Work with the Risk Management Team to conduct credible review and effective challenge of information risks identified in Risk and Control Self-Assessments (RCSAs). 
  • Support the development of information risk appetite, including development of key risk indicators (KRIs) for information security, technology risk management and business continuity.
  • Positively contribute to the development of a strong risk-aware culture across the organization through the development and delivery of IRM-related learning and awareness programs.
  • Maintain ongoing dialogue and relationship with stakeholders in the parent bank, partner organizations, vendors, regulators, and other government agencies.
  • Provide support for regulatory examinations and interactions.
  • Perform and assist in other risk management and compliance activities as necessary.

Qualifications

  • A hacker’s mindset and ability to assess risks
  • Strategic and critical thinker, excellent organizational and problem-solving skills
  • Ability to communicate and build relationships across all levels of the organization, including senior management
  • Excellent written and verbal communication skills
  • Adaptable to changing work and business conditions
  • Able to interact and relate at all levels of the organization
  • Ability to work independently with minimal supervision
  • Ability to multitask and work in a fast-paced environment
  • Deeply passionate about startups, technology, and innovation
  • A true team player
  • Strong attention to detail

Experience

  • Candidate must possess at least a Bachelor’s Degree in Computer Science, Information Technology, Computer Engineering, Accountancy, Business Administration, or related fields
  • At least 5 years of related experience in the financial services industry in an IT Audit, information risk management or related role
  • Experience in container- and cloud-native software
  • Experience in working in a large cloud or internet software company is preferred
  • Knowledge of industry-standard frameworks, e.g., ISO 9001/20000/22301/27001/31000, ISACA COBIT
  • Holder of the following certifications preferred: CISSP, CISM, CISA or equivalent
  • Experience in using and dealing with business enterprise software