Our client, a leading bank, is looking for a Senior IT Risk Specialist to join their growing team.
03rd May, 2022
Location(s): Hicksville, NY
Job Synthesis & Description
The Senior IT Risk Specialist will assist in the implementation and execution of an effective risk based program meant to identify, measure, assess, report, and monitor risk exposures related to Information Technology ("IT"), Cybersecurity, and Information Security ("IS") through effective review and challenge on all Information Technology framework and deliverables. This role will support the ERM Strategic and Operational Risk Manager as well as interface with the Bank's lines of business ("LOB") and their respective Business Process Owners ("BPOs").
Supports the appropriate design, implementation, and/or execution of the risk management framework, e.g. risk identification, assessment, and effective second line challenge on processes across all aspects of IT and IS.
Responsible for specifying and sourcing applicable IT and IS operations' data, analyzing the information to identify the principal sources of risk and to provide management reporting to assist management and the Board in making better informed IT/IS operational business decisions with a focus on forward looking metrics.
Assesses IT and IS business risks and supports the ERM Strategic and Operational Risk Manager to ensure adequate detective and preventative controls are in place to mitigate risk.
Performs internal controls assessments of existing controls against established standards or emerging technologies to identify inherent risk and evaluate key mitigating controls.
Engages in root cause analysis and works with the appropriate groups to recommend controls and solutions when researching IT/IS related risk events, operational processes, and new regulatory initiatives.
Evaluates IT/IS risk assessments to determine design gaps in scope and control coverage.
Manages IT/IS risk events and risk action items to closure through normal incident management process.
Works with the LOB to develop relevant and measurable IT/IS key risk indicators (KRIs) and assesses periodically the adequacy/quality of IT/IS related KRIs.
Assesses the adequacy of related ERM IT and IS Risk & Control Self Assessments, e.g., risks, controls, risk scores, and integrates new or revised controls into existing Risk & Control Self Assessments.
Assesses sufficiency/completeness of IT/IS governance matters (e.g., policies/procedures) and evaluate any risks observed.
Weighs business needs against risk concerns and articulate issues and options to management.
Assists in ensuring accurate data capture of activities and IT and IS risks in support of risk reporting for all levels of management.
Actively participates in a robust review and challenges the LOB processes relative to their IT/IS Risk & Control Self Assessments and overall performance.
Provides feedback on IT/IS operational risks associated with the offering of new products and/or services and business initiatives.
Maintains awareness of, and tracks, IT/IS regulatory environment, industry relevant IT/IS standards, e.g. NIST, GLBA, FFIEC, as well as IT/IS technologies and concepts, on an ongoing basis.
Works to further develop the awareness and training on IT/IS operational risk across the corporation.
Measures, monitors and reports on IT/IS operational risk for different functions in the various operations of the Bank by analyzing IT/IS key risk indicators and other metrics.
Develops and maintains an understanding of the IT/IS portfolio of risks across the front to back office through the life cycle. Provides identification and delivery of risk mitigation solutions to the BPO's and partners with operations' areas.
Works with the operation lines to promote acceptance of the IT/IS risk framework and further embed a culture of operational risk identification and mitigation.
Demonstrates a continual improvement to the control environment and instigates behavioral change.
Produces value added risk identification and reporting which impacts senior management decision making.
Develops key initiatives related to improving IT/IS controls, implementing new IT/IS regulations, or project management work involving the advancement of the IT and IS risk framework build.
Participates and facilitates periodic reporting.
Keeps current on IT/IS technologies and regulatory and industry trends.
Bachelor's degree in computer science, MIS, or related field, or equivalent certifications or equivalent work experience.
4+ years' experience in IT Audit, preferable.
4-5+ years' relevant industry experience in IT or IS risk management, internal controls or regulatory environment.
Big 4 or CCAR bank experience, preferable.
Professional certifications -- CRISC, CISSP, preferable.