Desired Skills and Experience

  • Understand technology from a strategic perspective as it relates to managing risk in the organization
  • Drive a risk mitigating culture to proactively identify, assess, and manage inherent risks within our platforms and services
  • Drive effective risk mitigating controls designed, deployed, and monitored by the application owners, developers, and support teams
  • Collaborate with Audit, Information Risk Management, TPRM, business oversight and control functions, and the Banking Technology teams to drive transparent, measurable, and sustainable control improvements; Develop and maintain strong business and technology relationships, becoming a trusted partner to these groups
  • Ensure that technology control issues and gaps are documented clearly and that realistic remediation plans are developed to address them, as well as investigating and resolving control incidents
  • Proactively work with technology and product managers to identify potential issues and ensure effective remediation
  • Engage with application development (AD) teams on an ongoing basis for BAU risk activities as well as project initiatives
  • Provide leadership and advice on material remediation activities, ensuring appropriate resolution of issues
  • Monitor existing technology issues and actions and support the closure verification process 
  • Promote the corporate self-assessment programs (RCSA and ACA) ensuring technology owners are assessing the technology risk in their environments identifying breaks in their control effectiveness
  • Complete quality assurance reviews of various control assessment programs
  • Provide quality assurance (QA) over the self-assessments to ensure they meet corporate compliance
  • Communicate risk and other control findings and develop recommendations for resolution
  • Provide technical risk project consultancy for technology teams rolling out new products in the firm so that they are secure from the start and fully compliant with the firm's risk policies and standards
  • Enforce compliance with Firm-wide risk reduction programs   
  • Develop reporting with key, focused messages to enable constituency to understand their risk position
  • Identify opportunities for process improvements to deliver increasing efficiency within the Risk & Control framework.
  • Escalate issues to senior management as warranted
  • Manage any other assigned duties as required
  • Bachelor's degree or equivalent experience
  • 7+ years of work experience in Information Risk & Security domains, IT audit or equivalent
  • 5+ years hands-on experience in application development, technology operations, infrastructure support and/or risk based projects.
  • Experience working in multinational enterprise with matrix organization
  • Strong understanding of control frameworks and industry standards including COBIT, ISO 27001, NIST and ITIL
  • Strong understanding of IT General Computer Controls (GCCs) and Application controls
  • Experience with Internal Audits, SSAE16, SOX, and regulatory assessments
  • Payment Card Industry - PCI Qualified Security Assessor Certification
  • CISSP, CRISC or CISM/CISA qualifications preferred
  • Prior audit experience and testing of compensating controls
  • Working knowledge within the following risk domains/technologies:
      • SDLC / Agile
      • Public Cloud Infrastructure
      • Database and application security
      • Access Administration
      • Security Event Logging & Monitoring
      • Vulnerability Management
      • Disaster Recovery
      • Unix/Linux/Wintel
      • Understanding of network concepts
  • Strong analytical background and technical skills with the ability to assess and communicate the operational, technical, and financial impact of risk findings and control issues.
  • Ability to collaborate effectively with both business-oriented executives and technology-oriented personnel; interact with all levels of staff and ability to build appropriate relationships to effect strategy
  • Ability to negotiate compromise between diverse parties with competing equities
  • Ability to work independently in unstructured situations as well as in a team environment
  • The ability to communicate effectively with very senior levels of management as well as technologists and business personnel is critical, including the usage of business relevant terms to describe technology risks
  • Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues in clear and concise language
  • Experience writing professional documents both for internal and external purposes as well as being comfortable with presenting to senior leadership and often delivering a tough message.
  • Ability to manage multiple efforts simultaneously that involve key stakeholders across a large matrixed environment. Ability to develop and lead initiatives in a cross line of business technology organization, build rapport and garner respect in a collaborative cross-cultural environment
  • Ability to travel when required
