Risk Management Specialist

The primary responsibility of this role is to identify, report, and manage all risks within the assigned domain by working closely with other risk SMEs and 2nd line functions to provide transparency to known risks and ensure proper and timely prioritization, mitigation, and remediation.

Reporting to the client IT Risk Executive, the person in this role will support the IT Risk Department's objective to execute the established risk assessment frameworks for IT and Data Risk, aligning with COBIT and other IT and Data Management frameworks, and ensuring that this integrates into the overall Enterprise Risk Management framework. Through these various risk management activities, the Domain Risk Leader is ultimately responsible for ensuring releases are delivered with quality and/or the remaining risks are clearly understood to enable the business to make informed risk decisions

What you’ll be doing

• Manage the execution of a domain level risk management framework while working alongside dependent / potentially impacted domains to identify, track, and remediate technology, data, security, and business operations risks across the assigned domain
• Develops risk and control standards and best practices documentation to enable sustainable practices and consistent / appropriate reporting of risk management metrics to enable related management actions
• Continuously and accurately identify, assess, and analyze new, existing, and emerging risks and develop thorough risk mitigation plans to limit unreasonable risk exposure to the organization; incorporates risk management practice into everyday operations
• Establish self as a trusted advisor while displaying excellent communication skills, a flexible and adaptive communicative style, and lead / influence others through persuasive arguments and active listening
• Manage the issues through remediation or exception process in governance forums
• Review/Validate/Test the findings before closing the issues upon remediation
• Own generation of reports and dashboards to report risks, findings and remediation plans within the domain
• Manage control additions/updates to narratives in risk management system
• Own and drive annual technology risk assessments for the domain at least annually

What you bring

• Education: Bachelor’s degree required or equivalent experience

Experience:

• 5 years of exp in IT risk management, audit, or cybersecurity experience
• Experience with managing risk for enterprise technology/cloud platforms at scale
• Strong understanding of cloud architecture, cloud infrastructure, cloud governance, and cloud security processes
• Experience designing and enforcing technology/cloud security policies aligned with regulatory requirements
• Familiarity with security best practices for cloud infrastructure, including encryption, access control, and monitoring
• Experience with leveraging and using APIs
• Implementation and/or use of GRC systems (ex: Archer SaaS)
• Working knowledge or the principles of technology and data risk management including ITGCs, IT application controls, GLBA, Information Security, Release Management, CI/CD, control design, and testing within complex enterprise data environments.
• Deep knowledge of IT compliance frameworks such as COBIT, NIST, and ISO 27001
• Experience with operational risk management and/or auditing, Sarbanes Oxley, COSO requirements

Added bonus if you have

• Education: Master’s degree preferred
• Experience: 10 years of exp in IT risk management, audit, or cybersecurity experience
• Skills/Hands on Technical proficiency: Cloud infrastructure/architecture background a plus
• Certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM)
• Knowledge: Banking Regulations and Industry Frameworks