ISACA is a global professional association and learning organization that leverages the expertise of its 180,000+ members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through the ISACA Foundation, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

This position will establish and improve risk management processes, policies, and risk performance measures for ISACA. Working with a wide array of business partners, the Director, Enterprise Risk Management will ensure that ISACA's key enterprise risks are minimized, while consistently managing the risk register. The position will work closely with the leadership team to ensure ERM is closely managed according to key frameworks such as the NIST Cybersecurity Framework.

• Implement and maintain risk policies to identify, monitor and manage ISACA's business risks, aligning with the required Framework.
• Utilize OneTrust and/or other ERM tools to analyze and report enterprise risks to the Senior Leadership Team and the Board of Directors.
• Oversee ISACA's risk assessment processes, including conducting risk reviews and developing policies and programs to manage risk effectively.
• Develop tactical plans for ERM projects and processes aligned with ISACA's strategic direction; support and monitor the execution of these tactical plans.
• Establish metrics to demonstrate ISACA's alignment with its risk appetite, based on guidance set by the Senior Leadership Team and the Board of Directors.
• Create a communication plan to ensure regular updates from risk owners and approvers to the risk register.
• Manage direct report(s), setting clear goals, supporting professional development, and fostering high engagement within ISACA.

NON-ESSENTIAL JOB FUNCTIONS

• Special projects as assigned by the CFO or ISACA Leadership.
• Supporting cross-functional initiatives while staying update on industry trends.
• Conduct Risk awareness training or assist in crisis management/incident response.

 

 

 

Minimum Years of Experience Required: 7

Minimum Relevant Experience Required: Work experience in risk management. Understanding of best practice in ERM and operational risk. Working knowledge of ERM frameworks such as NIST, COSO, ISO, etc.

Preferred Years of Experience:

8-10 years experience in risk manatgement with at least 3-5 years in a senior leadership role.

Certification and Licensing Preferred:

CRISC, CRM or CRP

 

Competencies/Skills Required:   

• Strong understanding of ERM frameworks (COSO, NIST, ISO 310000)
•  Excellent Analytical skills with the ability to interpret complex data and trends and present findings to executive team
• Proficient in risk management tools and software 
• Strong communication skills to effectively present risk information to executive leadership and board members 
• Ability to work cross-functionally with various departments 
• Analytical Thinking 
• Leadership and Development  
• Communication and Influence 
• Decision-Making 
• Adaptability and Resilience 

ISACA is proud to be an equal opportunity employer. ISACA is committed to building an environment of diversity, equity, and inclusion where equal employment opportunities are available to all applicants and employees without regard to race, color, religion, sex (including pregnancy and gender identity), national origin, age, ancestry, disability, genetic information, citizenship, sexual orientation, veteran status, marital status, familial status, military discharge status, or any other characteristic or status protected by federal, state, or local law. We support an inclusive workplace where employees excel based on merit, qualifications, experience, and ability.