Job Description
The Crosby Company is a family office responsible for wealth management and preservation for multiple branches and generations of a single family. The Crosby Company provides middle and back-office services to various individual businesses including Curatorial, Foundations, Investments, Trust, Tax and Private Real Estate.
The Senior Risk Manager will report to the Risk Team Lead, and will be responsible for the design, implementation, and support of risk mitigation protocols relative to Financial, Technology, Operational, and Transaction risks, including a focus on cyber security, information security, vendor management, employee training, and business continuity as well as applicable monitoring and reporting.
POSITION DUTIES: Responsibilities:
Management Support
- In collaboration with the Risk Team Lead, help managers at all levels across the organization ensure that risk management is embedded at an operational level within the business and that staff at all levels are aware of and manage risk as a core part of their responsibilities.
Cyber Security
- Support the implementation and ongoing management of the NIST Cybersecurity Framework (CSF) to enhance the organization’s security posture.
- Ensure cyber security measures and controls are implemented, monitored, and periodically upgraded.
- Ensure controls are in place to protect digital files and information systems against unauthorized access, modification or destruction.
- Provide guidance and oversight to team for monitoring areas such as data loss prevention, access, system patching and unauthorized software.
- Work with support team to provide necessary information regarding security breaches to determine their root cause.
- Collaborate with the applicable service provider relative to cyber / virus related issues or data loss situations.
- Recommend and assist with installation of appropriate security tools and countermeasures.
- Define, implement and maintain corporate security policies.
Information Security
- In collaboration with the Risk Team Lead, the Information Technology / Systems group, and applicable service providers, develop and ensure maintenance of a comprehensive suite of Information Security policies and procedures aimed at reducing physical and logical risk within the company. Introduce such procedures to business units and confirm periodic awareness training is conducted as appropriate.
- Provide oversight to team for new staff training and periodic staff awareness in areas such as: cyber security, protection of confidential corporate and client information, response to data loss / theft, etc.
- Manage the Physical Security service provider, and ensure physical access granted to company’s employees is periodically reviewed.
- Collaborate on new projects or initiatives by business units to ensure that cyber security and physical and logical security are adequately considered in the context of each.
- Provide guidance to team and staff on established access roles to facilitate access granting. Establish and confirm periodic monitoring of such access appropriateness, research unauthorized or unusual access and escalate exceptions as appropriate.
Vendor Management
- Assist with contract review and negotiation.
- Ensure technology risk reviews of new and existing vendors are taking place and participate in the review as needed.
- Confirm that a risk mitigation plan is in place and completed for identified vendor risks.
Business Continuity
- Manage the development, implementation, approval, distribution, training and maintenance relative to the company’s Business Contingency Plan.
- Oversee the scheduling and execution of alternate site testing, awareness training and call tests and track all issues documented until resolved.
- Back up the Risk Team Lead as required for response to emergency and / or business interruption situations at the company’s Salem location. Collaborate with the COO and applicable Senior Management to move to alternate sites. Coordinate recovery activities at the company’s Salem location in the event of a disaster. Resolve conflicts and problems as needed and maintain command center communications.
Risk Management & Other
- Manage the reporting and escalation of Company risks to senior management as appropriate.
- Provide guidance and support for risk mitigation activities and monitor to completion.
- Ensure appropriate risk acceptance and exceptions are in place and tracked accordingly.
- Assist with and periodically lead the implementation of business initiatives.
- Assist with the definition of project scope, goals, deliverables and milestones.
- Define project tasks and resource requirements, and manage to project completion.
QUALIFICATIONS:
- Bachelor’s Degree or equivalent.
- 10 years of risk management experience.
- Possession of industry-recognized certifications such as Certified Cloud Security Professional (CCSP), or Certified Information Systems Security Professional (CISSP) preferred.
- Detail-oriented is a must.
- Strong issue identification and problem-solving skills.
- Proven collaboration skills.
- Proficient in Microsoft Office suite.
- Comfortable with and adept at learning new technology interfaces and software packages.
- Strong time management, organizational, and prioritization skills with the ability to multi-task and meet deadlines.
- Excellent interpersonal, written and verbal communication skills.
- Proactive and positive attitude, highly motivated, self-directed with minimal daily supervision.
- Demonstrated flexibility in adapting to new and varying situations.
We are an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences comprising our workforce. We do not discriminate based on race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability status, genetic information, gender identity or any other applicable characteristics protected by law. We are committed to building an inclusive, high-performance organization reflecting diverse backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.