Monday, January 20, 2020

Common activities of an IT Risk Practitioner

According to <Risk Management Policy>: Carry out an IT Risk Assessment annually.
According to <Risk Management Policy>: Maintain the Risk Assessment ledger, Risk Register records, KRI list, and Risk Appetite.
According to <Risk Management Policy>: Periodically generate an IT Risk Monitoring report so that Management can oversee risks in real time.
According to <Change Management Procedure>: Oversee Change Risks during the Change Management process as an SME.
According to <Project Management Policy>: Oversee project Risks during the Project Management process as an SME.
According to <Third-party Management Policy>: Oversee Third-party Risks during the Third-party management process as an SME. Check Master Agreements and SOWs and ensure that remediation of IT Risks is covered.
According to <System Management Policy>: During the Requirement Specification documentation period, maintain a System Security Requirement template and ensure that the template can be integrated into each Requirement Specification document.
According to <System Management Policy>: During the System Design and Implementation phases, launch Threat Modeling in order to uncover system risks in advance.
According to <System Management Policy>: During the UAT phase, coordinate with project teams to complete the IT Risk-related test cases.
