IT Risk Manager

Join to apply for the IT Risk Manager role at JG Summit Holdings Inc. Department Governance, Risk & Compliance Employee Type Probationary Responsibilities Develop and implement the IT Risk Management Framework, aligned with enterprise risk and international standards (ISO 27005, NIST RMF, COSO). Identify, assess, and prioritize technology and cyber risks across infrastructure, applications, and services. Maintain the IT risk register and facilitate regular risk reviews, treatment plans, and reporting to senior leadership. Coordinate risk assessments for new projects, technologies, and change initiatives. Lead the development and execution of the third-party IT risk management program, from vendor selection and onboarding to ongoing monitoring and offboarding. Conduct due diligence and risk assessments on third-party vendors with access to sensitive data or critical systems. Ensure third-party contracts include appropriate security and resilience clauses. Monitor third-party security posture and performance, ensuring compliance with established policies and standards. Manage third-party security incidents and breaches, coordinating response and remediation efforts. Develop and maintain an enterprise-wide Major Incident Management Plan to ensure swift and effective response to IT and operational incidents. Lead incident response activities, including identifying, assessing, and managing incidents to minimize business impact. Establish an Incident Response Team (IRT) and facilitate regular incident response simulations and drills. Facilitate coordination with the Chief Information Security Officer to ensure effective collaboration among IT, cybersecurity, and business stakeholders in resolving incidents and providing timely updates to leadership. Perform root cause analyses (RCA) post-incident, document findings, and recommend process improvements to prevent recurrence. Define and monitor incident management key performance indicators (KPIs) such as response times and resolution rates. Design and implement the organization’s Disaster Recovery Plans (DRP) to ensure resilience of critical systems and processes. Conduct Business Impact Analysis (BIA) to identify critical business functions, dependencies, and recovery time objectives (RTOs). Develop and maintain contingency plans for various disruption scenarios, including IT outages, cybersecurity events, and natural disasters. Lead BCP and DRP testing activities, including tabletop exercises and full-scale simulations. Collaborate with business units to identify continuity requirements, ensure stakeholder buy-in, and align plans with organizational priorities. Oversee vendor dependencies and third-party risk management as it relates to continuity and recovery planning. Communicate IT risk posture, incident status, and business continuity readiness to various stakeholders, including executive leadership, business unit heads, and technical teams. Serve as the key point of contact for incident escalation, recovery efforts, and crisis communication. Provide leadership during crisis situations, ensuring clear communication and decision-making to minimize operational disruption. Qualifications Bachelor’s degree in Information Technology, Risk Management, or a related field. 8+ years of progressive experience in Incident Management, Business Continuity, Disaster Recovery, or IT Operations, with at least 3-5 years in a leadership or managerial capacity. Demonstrated experience covering the full spectrum of IT risk, including operational risk, cybersecurity risk, and third-party risk. Excellent analytical, critical thinking, and problem-solving skills, with the ability to translate complex technical issues into business risks. Exceptional communication, presentation, and interpersonal skills, with the ability to influence and collaborate effectively with diverse stakeholders at all levels. Relevant Certifications (Highly desirable): CRISC, CISM, CISA, CBCP/MBCP, CBCI/FBCI, CTPRP, CISSP, ITIL 4 Practitioner: Incident Management, ITIL certifications. Experience Range: 6‑8 years. Job Posted #J-18808-Ljbffr