Job responsibilities
- Works across products to help ensure delivery against business objectives while coordinating reporting and communications plans for portfolio management operations and change initiatives
- Enables operational efficiency by supporting training, maturation, needs assessments, and continuous improvement practices
- Drives adaptation and modification of our product-line framework to ensure cross-product priorities, sequencing, and trade-offs are realized
- Implements a product-level collection strategy consisting of controls, financials, and resourcing needs
- Ensures that the organization has rigor and established processes that allow the product to demonstrate adherence to audit and regulatory requirements and to manage risks that could impact the business.
- Conduct regular risk assessments to identify potential concerns and vulnerabilities in the product development lifecycle.
- Evaluate the impact and likelihood of identified risks and develop mitigation strategies. Maintain a risk register and ensure that all identified risks are documented and tracked.
- Develop and implement controls to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements. Identify opportunities for preventative and/or automated controls. Ensure controls are appropriately designed to mitigate risk.
- Oversee controls to ensure evidence can be produced to demonstrate control performance/effectiveness. Ability to write procedures, issues, and action plans.
- Monitor the effectiveness of controls and update them as necessary. Conduct regular audits and reviews to ensure compliance with established controls.
- Ensure that product development processes comply with relevant laws, regulations, and industry standards (GDPR, local/regional, etc.). Assist in internal and external audits and ensure that any findings are addressed promptly. Stay updated on regulatory changes and ensure that the product team is informed and compliant. Maintain comprehensive documentation of risk assessments, controls, and policies.
Required qualifications, capabilities, and skills
- 5+ years of experience or equivalent expertise in program management or performance optimization.
- Proven ability to manage and implement operational effectiveness initiatives.
- Proven ability to operate within the product development life cycle and agile methodologies.
- Minimum 5 years of experience in risk management, IT audit, cybersecurity, or a related field within a technology organization.
- Certified Information Systems Security Professional (CISSP) and Certified in Risk and Information Systems Control (CRISC).
- Leadership Experience: Experience leading teams or projects, particularly in a risk management or technology context.
Preferred qualifications, capabilities, and skills
- Industry Experience: Experience in the specific industry of the product organization (e.g., fintech, healthcare, e-commerce) can be highly valuable.
- Certified Information Systems Auditor (CISA) / Certified Information Security Manager (CISM)
- IT Infrastructure: Strong understanding of IT infrastructure, including networks, databases, cloud services, and application development.
- Cybersecurity: Knowledge of cybersecurity principles, practices, and frameworks.
- Risk Assessment Tools: Proficiency with risk assessment tools and methodologies.
- Regulatory Knowledge: Familiarity with industry standards and frameworks such as ISO 27001, NIST, COBIT, ITIL, GDPR, and other relevant regulations.
- Exceptional interpersonal skills; exceptional collaboration and relationship-building skills. Solid critical thinking, attention to detail, and analytical skills.