Information Security & Technology Risk Manager

Provides expert security and risk guidance to projects, ensuring alignment with the company’s risk framework. Participates in reviews and assessments to identify and mitigate threats while supporting secure tech delivery.

Title: Information Security & Technology Risk Manager, Projects

Duration: 12 months

Work Type: Full time, Contract

Industry: Banking & Financial Services

Work location: Hybrid (remote and in-office) – Applications open to Caribbean (CARICOM) residents

Role Overview: The Information Security & Technology Risk Manager provides expert consulting to project teams on information security and technology risk matters, ensuring alignment with the organization’s risk management framework. This role actively participates in project meetings, security reviews, system walkthroughs, and risk assessments to identify and mitigate potential threats, while supporting the secure delivery of technology solutions.

Key Responsibilities:

• Review solution designs, architecture diagrams, and project documentation to assess feasibility and identify security risks.
• Conduct security risk assessments on applications, infrastructure, business processes, and third-party vendors.
• Collaborate with internal teams and external partners to interpret penetration test results and ensure code scans are completed for all deployments.
• Track and manage issues identified during risk assessments (e.g., TRA, ISA, PEN Tests, Code Scans), ensuring appropriate mitigation or escalation where necessary.
• Provide security risk consulting to project teams, ensuring alignment with the organization’s security policies, standards, and risk appetite.
• Support the development and execution of risk-based assessment schedules for business-as-usual (BAU) activities.
• Review contracts and third-party arrangements to ensure adequate protection of the organization’s information assets.
• Produce clear and actionable threat risk assessment reports with practical mitigation strategies.
• Balance security concerns with business objectives, offering risk-based recommendations to support informed decision-making.
• Work with Technology teams to ensure identified vulnerabilities are addressed in a timely and effective manner.
• Generate KPIs, track trends, and report on information security risk posture and program effectiveness.
• Stay current on regional financial regulations, security frameworks, and industry best practices.
• Serve as a subject matter expert on information security risk management standards, policies, and procedures.

Qualifications & Experience:

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Professional certifications such as CISSP, CISM, CRISC, or equivalent are strongly preferred
• Minimum 5–7 years of experience in information security, IT risk management, or a related field, preferably within banking or financial services.
• Demonstrated experience conducting threat risk assessments, security reviews, and third-party/vendor risk evaluations.
• Solid understanding of regulatory requirements and security standards (e.g., ISO 27001, NIST, PCI DSS, GDPR, SOX).
• Experience collaborating with technical teams, project managers, and external vendors to implement risk mitigation strategies

Key Competencies:

• Deep understanding of information security principles, threat landscapes, and risk management methodologies.
• Strong analytical skills to assess complex systems and recommend practical, risk-based solutions.
• Excellent communication and stakeholder engagement skills to influence decision-making across business and technical teams.
• High attention to detail, with the ability to manage multiple risk reviews and assessments concurrently.
• Proactive mindset with a commitment to staying current on security trends, regulatory changes, and industry best practices.
• Ability to balance business needs with security requirements in a high-stakes, regulated environment.