Senior Manager, Enterprise Risk Management (ERM)

ActioNet, Inc. Germantown, MD
Position will oversee the day-to-day operations of the Enterprise Risk Management (ERM) program. It will require building effective partnerships with the business and within the Risk Department to build and sustain a robust program that includes the identification, measurement, monitoring, reporting and mitigation of risks to keep them within the stated risk appetite and operational limits. Will be the lead architect of the enterprise-wide risk management framework, developing analytical processes supporting risk measurement, aggregating risk information across all risk types, and designing and delivering risk management reporting. Accountable for ownership of operational risk while relying on the Risk Officers for specialized analysis and reporting. The goal for these programs is to provide a robust, coordinated audit and testing protocol ensuring the most effective use of resources while ensuring an independent audit process. Reports directly to the Cyber Security program leads and will interact with all levels of senior management, including significant, ongoing exposure to other executive officers.

Duties and Responsibilities

Manage the Enterprise Risk Framework

* Develop and enhance ERM compliance strategy, practices and policies to analyze, quantify and report enterprise risks and manage risks according to an ERM framework.

* Perform a comprehensive review and analysis of material risks as they relate to the Agency's strategy and priorities by monitoring internal and external factors and understanding key business initiatives.

* Lead the Agency's risk appetite framework and limit process including enhancements to the structure of appetite statements and measurement of risk exposures.

* Update and coordinate changes to the risk entity structure, risk taxonomies, risk indicators, risk limits, analytics and enterprise-wide summary risk documentation at least annually. Ensure proper linkage between the various elements of the enterprise risk process, from business strategy to operational risk limits.

* Ensure the Agency's risk management policies and strategies are in compliance with applicable regulations and Government strategies.

* Lead the ongoing maintenance of risk policies, governance processes, committee charters and escalation limits and thresholds.

* Coordinate across the Risk Management team to ensure alignment to the risk framework and effective information flows.

* Lead risk committee oversight activities and the effective review of the ERM Committee and subcommittees' adherence to charter requirements.

* Drive continued development and building of a risk management culture through coordination of employee awareness and training programs that emphasize the importance of risk management in all aspects of business operations and corporate decision making.

* Monitor industry developments and "ERM Best Practices" and recommend process improvements as appropriate.

* Participate in all key corporate initiatives to identify risks and mitigants.

Enterprise Risk Reporting

* Organize and facilitate monthly ERM meetings with senior leadership to identify emerging risks in the Agency and give status updates on risk events and mitigation activities

* Develop, enhance and deliver quarterly risk limit reporting for senior management

* Coordinate semi-annual stress testing with Risk Officer

* Coordinate and participate in the development, preparation and maintenance of the annual reporting

Manage the Enterprise Operational Risk Program

* Develop and implement programs that monitor, measure, analyze and report on operational risk exposures across the Agency

* Establish standards for the execution of operational risk programs within functional units including the reporting of operational risk incidents, execution of risk and control self-assessments, identification and reporting of key operational risk indicators, and identification and reporting of key operational risk focus areas

* Develop and enhance the operational risk scenario identification and planning process

* Establish processes for the review of operational incidents, root cause identification and control remediation and documentation

* Ensure appropriate integration of the Regulatory and Compliance risk management program, Vendor Management Program and NIST activities with the operational risk program

* Ensure appropriate integration of Internal Audit data into the operational risk program

Education & Experience

* Bachelor's degree in a related IT field. Master's degree preferred.

* Preferred to hold a recognized ERM professional certification (CRMA, CRMP, CRM, CERA).

* Management/Supervisory experience required.

* Experience with Internal Control or Audit Programs.

* Success presenting to senior management, agencies and regulators.

* Demonstrated ability to influence others at every level

* Minimum 10+ years working in a dynamic, fast-paced, multi-project environment

Skills and Abilities

* A self-starter with the ability to work as part of a cross-functional team either with or without supervision.

* A people person with excellent communication skills

* Flexible and influencing

* Strong analytical skills and good attention to detail

* Tenacious, determined and able to deliver results within specified constraints

* Able to build and maintain effective working relationships at all levels