Enterprise Technology Risk & Compliance Manager

Company:

Downer


Details of the offer

Enterprise Technology Risk & Compliance Manager

The Enterprise Technology Risk & Compliance Manager is responsible for managing and delivering strategic risk management and governance activities across Downer Digital and Business Units.

At Downer we plan, create and sustain. Downer is the leading provider of integrated services in Australia and New Zealand. Through trusted relationships and world-leading insight, we work closely with our customers to design, build and sustain assets, infrastructure, and facilities.

Downer Group is seeking an experienced Enterprise Technology Risk & Compliance Manager who will be responsible for managing and delivering strategic risk management and governance activities across Downer Digital and Business Units. This includes managing the risk register, assurance, and compliance activities. This role can be based in Sydney, Melbourne, or Brisbane with hybrid working arrangements available.

This role will be responsible for, although not limited to:

- Identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business.
- Coordinating the development of countermeasures and contingency plans.
- Providing advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
- Obtaining and acting on vulnerability information and conducting security risk assessments, business impact analysis, and accreditation on complex information systems.
- Ensuring that projects, teams, and functions have appropriate practices in place and are meeting required organizational quality levels.
- Providing advice to management on ways of improving the effectiveness and efficiency of their control mechanisms.
- Identifying and evaluating associated risks and how they can be reduced.
- Identifying the communications and relationship needs of stakeholder groups.
- Translating communications/stakeholder engagement strategies into specific activities and deliverables.
- Facilitating open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining, and working to stakeholder engagement strategies and plans.

Skills and Experience

- 6+ years in enterprise technology risk management and compliance role.
- Prior experience in compliance and/or regulatory environments and the adoption of ISO/IEC standards.
- ISO 31000 risk management framework and standards related to security and privacy compliance, including the implementation and adoption of ISO 27000/1.
- Experience in GRC, Policy, Compliance, and risk management tools and technologies with advanced skills in data analysis and reporting.
- Knowledge of technology risk and compliance, risk management strategy, understanding relevant regulatory requirements, technology risk and control environment, and governance.
- Experience in delivering enterprise technology risk assessments.
- Responsible for executing technology risk strategy and compliance.
- Understanding of compliance issues (ISO 27001, SSAE 16, NIST, PCI, GDPR, etc.) and regulatory requirements.
- Strong communication and presentation skills.
- The ability to lead large groups and be a primary facilitator.
- Comfortable working in a complex, agile environment and matching outcomes to expectations.
- Ability to work easily with diverse and dynamic teams.
- Strong influence and negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams and business units.
- Good understanding of and experience in external and internal audits.
- Experience in overseeing IT audits and managing the entire lifecycle for risk treatment and corrective action plans.

Qualifications

- Bachelor's degree in information technology, computer science, business administration, or a related field.
- Certifications in Audit (CISA), Risk Management, and Project Management highly desirable.


Source: Whatjobs_Ppc




Built at: 2024-09-29T17:31:05.944Z