IT Risk Manager


Pasig, National Capital Region, Philippines | JG Summit Holdings Inc. | Full time
Overview

The IT Risk Manager plays a critical role in managing the organization's technology risk exposure, ensuring a resilient and secure IT environment. This position leads the development and execution of risk management strategies, including third-party risk oversight, major incident management, and enterprise business continuity planning. The role serves as a central point of contact for identifying, evaluating, and mitigating IT and cyber risks that could impact operations, compliance, or reputation. The IT Risk Manager collaborates with stakeholders across IT, legal, procurement, and business units to maintain a strong control posture and ensure preparedness for disruptions.

Responsibilities
  • Develop and implement the IT Risk Management Framework, aligned with enterprise risk and international standards (ISO 27005, NIST RMF, COSO).
  • Identify, assess, and prioritize technology and cyber risks across infrastructure, applications, and services.
  • Maintain the IT risk register and facilitate regular risk reviews, treatment plans, and reporting to senior leadership.
  • Coordinate risk assessments for new projects, technologies, and change initiatives.
Third-Party Risk Management (TPRM)
  • Lead the development and execution of the third-party IT risk management program, from vendor selection and onboarding to ongoing monitoring and offboarding.
  • Conduct due diligence and risk assessments on third-party vendors with access to sensitive data or critical systems.
  • Ensure third-party contracts include appropriate security and resilience clauses.
  • Monitor third-party security posture and performance, ensuring compliance with established policies and standards.
  • Manage third-party security incidents and breaches, coordinating response and remediation efforts.
Major Incident Management
  • Develop and maintain an enterprise-wide Major Incident Management Plan to ensure swift and effective response to IT and operational incidents.
  • Lead incident response activities, including identifying, assessing, and managing incidents to minimize business impact.
  • Establish an Incident Response Team (IRT) and facilitate regular incident response simulations and drills.
  • Facilitate coordination with the Chief Information Security Officer to ensure effective collaboration among IT, cybersecurity, and business stakeholders in resolving incidents and providing timely updates to leadership.
  • Perform root cause analyses (RCA) post-incident, document findings, and recommend process improvements to prevent recurrence.
  • Define and monitor incident management key performance indicators (KPIs) such as response times and resolution rates.
Business Continuity Management
  • Design and implement the organization's Disaster Recovery Plans (DRP) to ensure resilience of critical systems and processes.
  • Conduct Business Impact Analysis (BIA) to identify critical business functions, dependencies, and recovery time objectives (RTOs).
  • Develop and maintain contingency plans for various disruption scenarios, including IT outages, cybersecurity events, and natural disasters.
  • Lead BCP and DRP testing activities, including tabletop exercises and full-scale simulations.
  • Collaborate with business units to identify continuity requirements, ensure stakeholder buy-in, and align plans with organizational priorities.
  • Oversee vendor dependencies and third-party risk management as it relates to continuity and recovery planning.
Stakeholder Engagement & Communication
  • Communicate IT risk posture, incident status, and business continuity readiness to various stakeholders, including executive leadership, business unit heads, and technical teams.
  • Serve as the key point of contact for incident escalation, recovery efforts, and crisis communication.
  • Provide leadership during crisis situations, ensuring clear communication and decision-making to minimize operational disruption.
Who Are You?
  1. Bachelor's degree in Information Technology, Risk Management, or a related field.
  2. 8+ years of progressive experience in Incident Management, Business Continuity, Disaster Recovery, or IT Operations, with at least 3-5 years in a leadership or managerial capacity.
  3. Demonstrated experience covering the full spectrum of IT risk, including operational risk, cybersecurity risk, and third-party risk.
  4. Excellent analytical, critical thinking, and problem-solving skills, with the ability to translate complex technical issues into business risks.
  5. Exceptional communication, presentation, and interpersonal skills, with the ability to influence and collaborate effectively with diverse stakeholders at all levels.
Relevant Certifications (one or more highly desirable)
  • CRISC - Highly relevant for IT risk management.
  • CISM - Covers information security governance, risk management, and incident management.
  • CISA - Focuses on auditing, control, and assurance of information systems.
  • CBCP / MBCP from DRI International - Specific to business continuity.
  • CBCI / FBCI from BCI - Specific to business continuity.
  • CTPRP from Shared Assessments - Specific to third-party risk management.
  • CISSP - Broad cybersecurity knowledge.
  • ITIL 4 Practitioner: Incident Management (or similar ITIL certifications) - Relevant for incident management processes.
