Tuesday, August 14, 2012

Manager – IT Governance, Risk & Compliance

FINCA International, one of the world's leading microfinance institutions, provides financial services to more than 950,000 clients through 21 wholly-owned and operated subsidiaries in Africa, Eurasia, Latin America and the Greater Middle East.

FINCA International is looking for a Manager of FINCA’s IT Governance, Risk & Compliance (IT GRC) program. Reporting to the Director of Information Protection, you will be responsible for developing and managing FINCA’s IT and information security GRC program. The role will be responsible for tracking compliance with existing information protection policies, and for additions, enhancement and modification of such policies as required. The role will include direct interaction with the Legal and Audit functions of both FINCA International and international subsidiaries.

The GRC Manager will have a degree in Computer Science or equivalent and 10+ years of demonstrated experience in governance, risk management and compliance at increasing levels of authority, or the equivalent combination of education and experience. Experience in managing IT risk and compliance for multinational, financial services firms is highly desired. Successful candidates for this role will have passion, energy, and a strong commitment to FINCA’s social mission.

ESSENTIAL DUTIES include the following. Other duties may be assigned.

  1. Information Security Policy Governance and Compliance Monitoring
    • Oversee and coordinate security efforts across the enterprise to identify appropriate security initiatives and standards, ensure adequate protection, and minimize redundant effort. Work with various stakeholders including information technology, global risk management, human resources, communications, legal, facilities management, and others
    • Policy and Procedure Development
      • Enhance, maintain and communicate comprehensive company-wide information protection plans, policy, guidelines and procedures
      • Manage, track, and report corporate compliance with FINCA’s information security programs and policies across FINCA International and all international subsidiaries
  2. Strategy Development
    • Conduct risk assessments of FINCA’s information assets, using and refining FINCA’s Information Protection Risk Assessment process to identify operational risks
    • Use automated and manual processes to perform ongoing risk assessment, reporting, and remediation
    • Governance of information protection policies to complement business strategies and requirements
  3. Regulatory Tracking and Communication
    • Solicit IT and security-related regulatory requirements across relevant jurisdictions from corporate and subsidiary legal teams
    • Research and document impact of changing regulations to FINCA IT and information protection programs
    • Collaborate with IT to develop and document action plans in response to regulatory requirements
  4. Advisory and Consulting
    • Review and provide feedback on 3rd-party contracts to ensure their compliance with FINCA’s information protection policies and reduce our risk exposure
    • Assist with or participate in external or internal audits as required by providing expert opinion on information risk governance and information protection matters
    • Consultation with Internal Audit, Legal and Human Resources, to develop and implement organization-wide information protection training programs as required
  5. Management
    • Mentor other FINCA International staff in IT GRC
    • Train designated IT staff from subsidiaries to support organizational Governance, Risk and Compliance requirements

COMPETENCIES

To perform the job successfully, an individual should demonstrate the following competencies:

  • Change Management - Develops workable implementation plans; Communicates changes effectively; Builds commitment and overcomes resistance; Prepares and supports those affected by change; Monitors transition and evaluates results.
  • Project Management - Develops project plans; Coordinates projects; Communicates changes and progress; Completes projects on time and budget; Manages project team activities.
  • Analytical - Synthesizes complex or diverse information; Collects and researches data; Uses intuition and experience to complement data; Designs work flows and procedures.
  • Written Communication - Writes clearly and informatively; Edits work for spelling and grammar; Varies writing style to meet needs; Presents numerical data effectively; Able to read and interpret written information.
  • Adaptability - Adapts to changes in the work environment; Manages competing demands; Changes approach or method to best fit the situation; Able to deal with frequent change, delays, or unexpected events.
  • Judgment - Displays willingness to make decisions; Exhibits sound and accurate judgment; Supports and explains reasoning for decisions; Includes appropriate people in decision-making process; Makes timely decisions.

QUALIFICATIONS

  • Track record of successfully developing and implementing information security and IT risk governance strategic plans
  • 5+ years' experience supporting a financial services firm, with in-depth understanding of the financial services business model and the requirements for supporting IT and information security
  • Demonstrated ability to effectively communicate with senior level executives and board members, and ability to successfully interact with and influence business partners in the achievement of the organization’s business results
  • Ability to engage and educate different functional areas on information security compliance requirements and the IT component of business risk management
  • Demonstrated ability to drive change in an organization through communication, leadership and influencing skills
  • Self-starter with high energy to meet the needs of a demanding business and IT environment
  • Collaborative and flexible style
  • Mature management and presentation skills, demonstrated effective verbal and written communication skills and interpersonal skills, particularly cross-departmental influence
  • Strong technical and business acumen with a proven track record of being able to work and communicate with technical and non-technical associates
  • Strong commitment to FINCA’s social mission

EDUCATION & EXPERIENCE

Must have skills:

  • 10+ years of increasing experience in Information Security, IT Risk Management, IT Governance and/or Compliance
  • Degree or equivalent in Information Security, Information Systems, Information Technology, or Business
  • Previous experience in achieving results through a matrixed organization and demonstrated ability to drive toward achievement of results by establishing accountabilities and ensuring team members meet objectives

Preferred but not required skills:

  • Experience dealing with IT GRC issues in a global context
  • 5-year minimum international experience at company of 5,000+ employees preferred
  • Experience working in multi-currency / accounting standards / regulatory environments preferred
  • Experience with COBIT

LANGUAGE SKILLS

  • Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
  • Ability to write reports, business correspondence, and procedure manuals.
  • Ability to effectively present information to and respond to questions from executive management and IT professionals.
  • Fluency in English required
  • Fluency in Spanish and/or Russian desirable

TRAVEL REQUIREMENTS

Ability and willingness to travel to developing countries (up to 25% travel)

COMPUTER SKILLS

Proficient with MS-Office software, including Word, Excel, PowerPoint, Visio and Project

CERTIFICATES

Certifications in information security (CISSP, CISM, CISA) and GRC tools (e.g. Archer) desirable

FINCA International Inc. is an Equal Opportunity Employer.
