27th July, 2020
WHAT IS THE OPPORTUNITY?
Our client is seeking an experienced Information Technology Risk Lead who will identify, analyze, and report enterprise technology risks for executive-level business, Information Technology and information security leadership. The position will perform quantitative and qualitative analysis to support the prioritization of risk mitigation projects, measure the progress of technology risk reduction initiatives, and identify areas with high residual risk. The position will be the point of contact to the First Line of Defense and will develop, collect and report metrics and Key Risk Indicators (KRI), and maintain the risk register. As a working lead, the position will create presentations, briefings, and communications on technology risk issues for a variety of internal and external stakeholders, as well as help guide and mentor other information technology risk management team members.
Risk Management Division
This is a great opportunity to grow your career with a stable and expanding organization as a member of the bank's Risk Management team. The focus is on ensuring business activities remain safe, compliant, and well-positioned for future opportunities and sustainable growth.
WHAT WILL YOU DO?
Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes; perform gap analysis.
Correlate your own review of laws and regulations with that of other analysts and recommend changes to frameworks, policies, and standards as necessary.
Track regulatory compliance and maintain up-to-date records of requirements and corresponding mitigating controls.
Ensure that IT policies and standards comply with regulations; work with the Policy and Standards Committee when policies need to be updated or created.
Work with business units to ensure controls are effective and appropriately address the relevant regulatory and security requirements.
Complete credible challenge and oversight of the first line of defense (the business functions) as a member of the second line of defense.
Coordinate with other compliance functions, such as Audit, Legal, Enterprise Risk, and Privacy, to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
Clearly articulate any required modifications to information technology general controls arising from your research.
Complete position analysis as required for various special information technology and information security-related risks.
Oversee risk management, legal, and regulatory-related requirements as needed, ensuring their timely completion.
Mentor other Information Technology Risk Analysts.
WHAT DO YOU NEED TO SUCCEED
Bachelor's Degree
Minimum 7 years of experience in Information Technology risk assessment and analysis
Minimum 7 years of experience with Information Technology or Information Security roles
Minimum 4 years working for an information technology team, risk management overseeing information technology, internal audit of information technology, or within the relevant areas of a bank or financial institution.
Skills and Knowledge
Certified in the Governance of Enterprise IT (CGEIT) or CRISC
Relevant experience in an IT department along with at least 6 years in banking or financial services, or equivalent experience in a consulting capacity
Experience with internal control frameworks for information technology, information security, IT governance frameworks, and conducting and analyzing cyber risk assessments.
Experience in the second line of defense in the three lines of defense model.
Prior experience analyzing and applying regulatory requirements to information technology and information security practices
Familiarity with changes and trends in the regulatory landscape
Demonstrated organization, facilitation, communication, and presentation skills
Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interdependencies
Experience in designing and executing management testing of key controls, evaluating controls for effectiveness and efficiency.
Demonstrated knowledge of and aptitude for methods for scoring, calculating, and quantifying risk.
Must be able to effectively articulate ideas through verbal and written communications.
Experience with MS Excel and eGRC systems, such as Archer or RSAM
Preferred certifications: CISSP, CISA, CISM, CGEIT, CRISC, FAIR or related certifications