Apply on Employer Site

Invesco · 1 day ago

Sr. Manager, Information Risk & Controls

Atlanta, GA

Full-time

Hybrid

Senior Level

7+ years exp

Invesco is one of the world’s leading independent global investment firms dedicated to rethinking possibilities for clients. The Sr. Manager of Information Risk and Controls is responsible for advancing risk management evolution and overseeing the effectiveness of the second line of defense while improving the execution of the first line of defense in managing information risks.

FinanceFinancial ServicesVenture Capital

Responsibilities

Leading Risk Identification and Mitigation: Spearhead the identification, assessment, and mitigation of technology, cybersecurity, data, and privacy risks, including those tied to infrastructure, cloud, and AI/ML technologies, data governance, data quality, data lineage, cyber threats, evolving privacy regulations, and emerging risks, ensuring a robust risk posture amidst evolving trends

Framework Implementation: Develop and implement a robust information risk and control framework to enhance the firm's second line of defense capabilities in overseeing information security, data governance, and technology risks

Risk Analysis and Monitoring: Analyze current and emerging information security, data governance, and technology risks, developing Key Risk Indicators (KRIs) to monitor the adequacy, quality, and efficacy of controls. Apply specialized knowledge and broad acumen across facets of all domains, including cybersecurity, technology, cloud, data governance, privacy, and support third-party risks

Collaboration and Oversight: Partner with the first line of defense data owners, data stewards, and technology teams, and collaborate with Internal Audit, Global Compliance, and Risk teams to review and strengthen the control environment, improve processes related to information and data governance risk management, and provide independent second-line checks and challenges. Foster collaboration with the broader internal risk community and key global business stakeholders to ensure a cohesive approach to risk management across the organization. Conduct research and analysis, leveraging data to derive valuable insights and actionable recommendations for stakeholders

Policy and Governance Leadership: Lead the development and implementation of risk management policies, procedures, and a governance structure, ensuring appropriate risk oversight, reporting, and compliance with regional regulatory requirements

Industry Engagement: Engage with industry networks and associations to stay updated on developments in technology, operational, data governance, and security risk management, sharing insights with relevant business functions

Risk Awareness: Drive risk awareness among employees through training and education, promoting a culture of risk consciousness

Team Leadership: Provide strategic leadership to the Information Risk Management team, fostering a culture of continuous improvement and excellence, and engaging with senior stakeholders to deliver insightful reports and recommendations on the risk landscape

Qualification

Risk Management ExperienceInformation Risk ExpertiseFramework ImplementationTechnicalSecurity ExperienceEmerging Technology KnowledgeAnalytical AbilitiesCommunication SkillsIndustry PreferenceCertificationsTeam Player

Required

7–10 years of risk and control experience, with at least 5 years driving risk management across various lines of defense in a global banking/financial services environment or international risk consulting with financial services experience

Strong understanding of complex technology, data governance, and cybersecurity concepts, including core technology and security principles

Hands-on experience defining and implementing information risk management and control frameworks, emphasizing integration of data governance

Experience with major cybersecurity, technology, operational risk, and data governance frameworks and standards such as NIST CSF, CRI Cybersecurity Profile, CSA Cloud Controls, CCM (Cloud Controls Matrix), ISO 27000 series, COBIT, and Basel Operational Risk Principles

Experience delivering and assessing security solutions across major cloud service providers (AWS, Azure, GCP) platforms

Ability to build consensus through data-driven communication and presenting factual, relevant information

Advanced analytical skills with the ability to exercise judgment and solve complex problems

Demonstrated leadership skills and ability to work well with others in a dynamic, team-oriented environment

Working knowledge of current and emerging technologies, including cloud computing, AI/ML, and automation tools

An undergraduate degree is required

Certification in at least one of the following: CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CIPP (Certified Information Privacy Professional), etc