Generic description:
Implements the management of risk across information systems through the application of the enterprise defined risk management policy and procedure. Assesses risk to the organisation's business, including web, cloud and mobile resources. Documents potential risk and containment plans..

Competence area: e-CF area E. Manage

Proficiency levels:
e-CF level Description Profiles (CWA16458)
2 Understands and applies the principles of risk management and investigates ICT solutions to mitigate identified risks.
3 Decides on appropriate actions required to adapt security and address risk exposure. Evaluates, manages and ensures validation of exceptions; audits ICT processes and environment. ICT consultant, ICT operations manager, ICT security manager, Project manager, Quality assurance manager
4 Provides leadership to define and make applicable a policy for risk management by considering all the possible constraints, including technical, economic and political issues. Delegates assignments.

Knowledge examples (Knows /aware of/ Familiar with:)

  • K1 apply risk analysis taking into account corporate values and interests
  • K2 the return on investment compared to risk avoidance
  • K3 good practices (methodologies) and standards in risk analysis

Skill examples (Able to:)

  • S1 develop risk management plan to identify required preventative actions
  • S2 communicate and promote the organisation's risk analysis outcomes and risk management processes
  • S3 design and document the processes for risk analysis and management
  • S4 apply mitigation and contingency actions