Our client, a leading bank, is looking for a Senior IT Risk Analyst to join their growing team.
JOB SUMMARY
The IT Risk Analyst, Senior is responsible for executing tasks and participating in projects in support of IT's governance, audit, risk and compliance framework, policies and processes. Under limited direction, audits and assesses risk on the most complex new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that information systems procedures are in compliance with corporate standards. Understands IT GRC (Governance, Risk and Compliance) concepts, practices, and procedures at the highest levels.
ESSENTIAL FUNCTIONS
Participates in all aspects of audit activities including risk assessments, planning, testing, control evaluation, documentation, report drafting, issue clearance with technology stakeholders, and follow-up/verification of issue closure. Identifies risks, designs controls and creates testing procedures. Participates in both standalone technology and business integrated audits. Monitors various projects with major application development initiatives, and performs continuous risk assessments of coverage areas. Generates and maintains reporting to accurately reflect the current state of the program to senior management and regulators, while partnering with the Operational Risk Management team to ensure alignment of the bank’s IT risk control and self-assessment with the larger business risk control and self-assessment program and goals. Partners with Audit team members in other business areas to ensure the delivery of a seamless program of control and audit risk coverage. Conducts quality assurance reviews of risk control and self-assessments. Partners with IT teams to identify and correct process control design and execution issues. Facilitates GRC activities as needed with examiners (FDIC). Participates in and facilitates monthly, quarterly and annual review activities. Contributes to the continued development of internal controls awareness within the IT organization. Facilitates IT SOX policies, narratives, and control self-assessment documentation. Creates and maintains IT control documentation. Manages application permission review campaigns. Develops recommendations to improve the IT internal control environment. Facilitates the remediation of IT internal control deficiencies. Participates in risk assessment activities across the IT organization, including 3rd party technical risk assessments. Participates in risk management, compliance, and internal control initiatives as needed. Performs technical research on risk topics.
Keeps current on latest technologies and best practices relative to their area of responsibility. Recognizes and recommends areas needing improvement. Participates in the development of IT strategies in collaboration with IT peers and the executive team. Ensures compliance with corporate and IT policies and procedures. Integrates corporate methodologies and standards, as appropriate. May provide guidance/training to more junior staff. Performs special projects, and additional duties and responsibilities as required. Where applicable and when performing the responsibilities of the job, employees are accountable to maintain Sarbanes-Oxley compliance and adhere to internal control policies and procedures.
Requirements
EDUCATION AND EXPERIENCE
- Bachelor's degree in Technology, Accounting, Finance or Business or equivalent relevant work experience.
- Five (5) to eight (8) years of internal controls, audit, information security, risk management or technology process experience.
- CISA/CISSP/PMP preferred.
- Financial services experience preferred. Experience with compliance and/or control frameworks preferred.
- Experience with Sarbanes-Oxley compliance preferred.