The Crosby Company is a family office responsible for wealth management and preservation for multiple branches and generations of a single family. The Crosby Company provides middle and back office services to various individual businesses including Curatorial, Foundations, Investments, Trust, Tax and Private Real Estate.
The Enterprise Risk Manager will report to the Team Lead - Risk Management, and will be responsible for making recommendations on, and implementing and supporting, risk mitigation protocols relative to Financial, Technology, Operational, and Transaction risks, with a focus on cyber security, information security, vendor management, employee training, and business continuity, as well as applicable monitoring and reporting.
This position is also responsible for participating in multiple enterprise initiatives providing security and controls expertise and support to the project.
POSITION DUTIES / ACCOUNTABILITIES :
Cyber Security - Regularly exercises discretion and independent judgment with respect to the following duties to mitigate risk to prevent financial and reputational damage to the company and its clients :
- Plan, implement and upgrade cyber security measures and controls.
- Ensure controls are in place to protect digital files and information systems against unauthorized access, modification or destruction.
- Monitor reporting in areas such as Data Loss Prevention, access, system patching and unauthorized software.
- Support efforts in responding to security breaches to determine their root cause.
- Collaborate with the applicable service provider relative to Cyber / virus related issues or data loss situations.
- Recommend and assist with installation of appropriate security tools and countermeasures.
- Formulate, define, implement and maintain corporate security policies.
Information Security :
- Monitor the current threat landscape and make recommendations of education needed with respect to employee population.
- Continuously assess the threat landscape to enhance employee awareness of emerging risks and their potential impact on the organization and make recommendations with respect to new policies or practices to be implemented.
- Formulate and maintain a comprehensive suite of Information Security policies and procedures aimed at reducing physical and technological risk within the company.
- Prepare and provide new staff training and periodic staff awareness in areas such as: cyber security, protection of confidential corporate and client information, response to data loss / theft, etc.
- Liaise with the Physical Security service provider, periodically reviewing physical access granted to company's employees.
- Collaborate on new projects or initiatives by business units to ensure that cyber security and physical and logical security are adequately considered in the context of each.
- Maintain and share with applicable personnel the established Access Roles to facilitate access granting. Conduct periodic monitoring of such access appropriateness, research unauthorized or unusual access and escalate exceptions as appropriate.
- Collaborate with the applicable service provider relative to Cyber / virus related issues, or data breach / loss situations; assemble data and make recommendations regarding courses of action with respect to risk issues.
Vendor Management :
- Manage the annual vendor review process.
- Perform risk assessments on both new and existing vendors to evaluate financial stability and ensure they do not pose a threat to the organization's data security; make recommendations with respect to courses of action with respect to same.
- Assist with vendor contract review, including using discretion and independent judgment to assess risk levels.
- Request and participate in technology risk reviews of new and existing vendors.
- Ensure risk mitigation plan is in place and completed for identified vendor risks.
Business Continuity :
- Develop and maintain business continuity and disaster recovery plans that ensure the uninterrupted operation of people, processes, and technologies during disruptive events.
- Support and assist the Business Continuity Manager with all annual DR / BCP related activities, based on the Company's Business Continuity Policies.
- Responsible for establishing, maintaining and implementing the scheduling and execution of alternate site testing, awareness training and call tests and track all issues documented until resolved.
- Coordinate the recovery activities at the company's Salem location in the event of a disaster. Resolve conflicts and problems as needed and maintain command center communications.
- Work with third party service providers to establish a clear business continuity support process for CCNH in the case of a significant event that impacts applications or services.
Risk Management & Other :
Keep abreast of risk mitigation by managing the following established key risk items and continuously improve on them :
- Risk Reports : maintain and distribute to Senior Management, quarterly Risk Reports, informed by :
  - Updates to previously identified items.
  - Newly identified risk items, including identified internal or external audit issues.
  - Newly identified items as a result of deteriorating Key Performance Indicators.
- KPIs : Periodically obtain business unit input and follow established procedure regarding escalation and documentation.
- Assist with and periodically lead the implementation of business initiatives.
- Make recommendations with respect to the definition of project scope, goals, deliverables and milestones.
- Define project tasks and resource requirements and manage to project completion.
QUALIFICATIONS :
- Bachelor's degree and minimum seven years of risk related experience.
- CISSP Preferred. Other highly desirable security certifications may be substituted for CISSP (e.g., CISM).
- Ability to clearly and concisely articulate your message (written / verbal) to engage with all levels across our organization.
- IT savvy including advanced Microsoft Office skills to develop business cases and provide executive summaries. Analytics and reporting experience desired.
- Proven ability to manage risk situations and communicate with senior management, fostering discussions to mitigate risk.
- Ability to manage multiple priorities at one time, while staying organized and paying attention to deliverables.
- Highly motivated self-starter who needs minimal daily supervision.
- Strong collaboration, issue identification and problem solving skills.
The Crosby Company Of New Hampshire LLC is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.