Fredericton (hybrid/remote), NB · Information Technology
Description:
• Engage with key stakeholders to identify objectives and goals of the IT Risk Management Program.
• Gather and document business requirements of the IT Risk Management Program by performing elicitation and coordination tasks with stakeholders.
• Review existing IT Risk governance and program documentation, and capture undocumented processes, developing a picture of current state, including maturity levels across various business capabilities.
• Help to establish an IT Risk governance framework which will ensure ongoing oversight and management of the IT Risk Management Program.
• Review IT Risk policies, standards and procedures, evaluating in accordance with industry best practices and regulatory requirements.
• Complete assessment of current state Risk Management practices across the organization.
  • Identify and implement any short-term opportunities to improve current Risk Management processes.
  • Focus on improving the Divisional Risk Register’s data.
• Define Technology Services’ Risk Taxonomy
• Establish definitions that provide a clear and precise explanation of the meaning of “Risk” versus an “Issue” vs “Workplan Item”.
• Define Technology Services Hierarchy of Risk Management
  • Define risk ownership at a Unit Level, Branch Level or Divisional Level, Ex.
• Define principles and criteria used to define if a risk is managed at a Unit Level, Branch Level or Division Level (escalation criteria/triggers/measures)
• Ensure that the Risk Management Program removes silos and supports standardization and mitigation of shared risks across parts of the organization.
• Define technologies (tools) to establish a centralized Risk Register & Dashboards to support risk sharing across the organization.
• Develop educational / training material for Technology Staff related to the Risk Management Program.
• Ensure that the Risk Management Program captures the right level of data and measures to allow for the integration of risks into organizational decision making.
• Define monitoring and/or compliance processes and/or procedures that ensure the organization is following the established Risk Management Program practice and identifies areas to improve efficiency, effectiveness, and benefit realization.