A “Silicon Valley Bank Risk Management Department” T-shirt is the latest in ironic workwear. Not that SVB seems to have much risk management – their Chief Risk Officer stepped down in April last year, and the position was vacant for eight months.
Does anybody have the Risk Manager position in your IT organization? Every project creates a risk matrix and mitigates the worst risks, but once the project is complete, risk management evaporates in many organizations. The CISO does some risk management, but many IT risks are outside her remit. And risk management falls squarely in the “important, not urgent” category that always gets pushed to the back of the task list…