What are the responsibilities and job description for the IT Risk Officer position at Dollar Bank, FSB?
Do you enjoy helping organizations understand and manage IT risk? If so, this is the position for you. You will be able to showcase your skills by monitoring, performing, and managing compliance testing, issuing test findings, follow-up testing, and assist with correcting deficiencies. In this role, you will have an opportunity to collaborate with multiple IT teams, Information Security Governance, and Internal Audit on all compliance initiatives associated with, but not limited to Sarbanes Oxley (SOX) 404, FFIEC IT Handbooks, and GLBA as related to protecting sensitive customer data. This is a hybrid position.
Principal Activities and Duties:
*Work with IT, IS Governance, and business personnel to conduct ADHOC and recurring risk assessments.
*Contribute to the Architecture Working Group, Vulnerability Management Committee, and Information Security Committee, interfacing with technical staff to assist in understanding, scoring, prioritizing, and remediating risk associated with products and initiatives presented to the group.
*Conduct IT operational risk assessments to identify risk and controls gaps and participate in group efforts to find sustainable solutions for executing resultant risk mitigation projects.
*Identify areas of IT risk and approaches to address those risks (systems, processes, and practices).
*Recommend enhancements and changes to existing policies, controls, and standards based upon the evolving operating and threat landscape.
*Plan, perform, and report the results of internal compliance assessments and audits against the existing system.
*Ensure IT Controls are maintained and updated in accordance with FFIEC CAT, CIS, GLBA, and others as needed.
*Work with IT to develop and implement Policies, Procedures, Standards & Processes.
*Coordinate between IT, IT Governance, and Internal/External audit on IT and IT Governance Audit findings. Collect management responses, track and monitor progress of open IT Audit findings and ensure deadlines are met.
*Actively assist and advise business unit management on how to evaluate and mitigate risks associated with third-party vendors.
*Assist with maintaining and maturing the IT and Security Risk Register.
*Ensure application and service documentation is completed and maintained centrally.
*Assist with documentation and review of risk and security configurations of applications. Including but not limited to application entitlements and secure configurations for all applications.
*Assist with maturation of risk-based culture throughout the bank.
*All employees have the responsibility and the accountability to serve as risk managers for their businesses by understanding, reporting, responding to, managing, and monitoring the risk they encounter daily as required by Dollar Bank's risk management program. Compliance with regulatory laws and company procedures is a required component of all position descriptions.
Required Qualifications:
*Bachelor's degree in computer science, management information systems, or related area. Will consider commensurate experience.
*Minimum of 3 (three) years of IT systems auditing or IT systems management.
*General understanding of risk management practices (e.g., risk assessments and risk prioritization).
*Experience in working with reviews of internal controls, functions, and processes (regulatory examinations, external audits (SOX), and reporting).
*Practical knowledge of the following regulations, frameworks, guidelines, and best practices: Sarbanes-Oxley 302/404 (application controls is a plus), COBIT, FFIEC IT Handbooks, CIS, and NIST relevant to IT Systems Validation.
*Must be able to clearly convey subject matter expertise to business end users and IT staff.
*Demonstrated ability to comfortably present information to a large group as well as create concise and informative written communication.
*Flexible work style as candidate will be partnering with multiple teams and working on an array of projects.
Desired Qualifications:
*Preferred Certifications: SCCM, GIAC, CISSP, CISA, or CRISC.
EEO Statement
Dollar Bank is an Equal Opportunity Employer.
Minority/Female/Veteran/Disabled
Principal Activities and Duties:
*Work with IT, IS Governance, and business personnel to conduct ADHOC and recurring risk assessments.
*Contribute to the Architecture Working Group, Vulnerability Management Committee, and Information Security Committee, interfacing with technical staff to assist in understanding, scoring, prioritizing, and remediating risk associated with products and initiatives presented to the group.
*Conduct IT operational risk assessments to identify risk and controls gaps and participate in group efforts to find sustainable solutions for executing resultant risk mitigation projects.
*Identify areas of IT risk and approaches to address those risks (systems, processes, and practices).
*Recommend enhancements and changes to existing policies, controls, and standards based upon the evolving operating and threat landscape.
*Plan, perform, and report the results of internal compliance assessments and audits against the existing system.
*Ensure IT Controls are maintained and updated in accordance with FFIEC CAT, CIS, GLBA, and others as needed.
*Work with IT to develop and implement Policies, Procedures, Standards & Processes.
*Coordinate between IT, IT Governance, and Internal/External audit on IT and IT Governance Audit findings. Collect management responses, track and monitor progress of open IT Audit findings and ensure deadlines are met.
*Actively assist and advise business unit management on how to evaluate and mitigate risks associated with third-party vendors.
*Assist with maintaining and maturing the IT and Security Risk Register.
*Ensure application and service documentation is completed and maintained centrally.
*Assist with documentation and review of risk and security configurations of applications. Including but not limited to application entitlements and secure configurations for all applications.
*Assist with maturation of risk-based culture throughout the bank.
*All employees have the responsibility and the accountability to serve as risk managers for their businesses by understanding, reporting, responding to, managing, and monitoring the risk they encounter daily as required by Dollar Bank's risk management program. Compliance with regulatory laws and company procedures is a required component of all position descriptions.
Required Qualifications:
*Bachelor's degree in computer science, management information systems, or related area. Will consider commensurate experience.
*Minimum of 3 (three) years of IT systems auditing or IT systems management.
*General understanding of risk management practices (e.g., risk assessments and risk prioritization).
*Experience in working with reviews of internal controls, functions, and processes (regulatory examinations, external audits (SOX), and reporting).
*Practical knowledge of the following regulations, frameworks, guidelines, and best practices: Sarbanes-Oxley 302/404 (application controls is a plus), COBIT, FFIEC IT Handbooks, CIS, and NIST relevant to IT Systems Validation.
*Must be able to clearly convey subject matter expertise to business end users and IT staff.
*Demonstrated ability to comfortably present information to a large group as well as create concise and informative written communication.
*Flexible work style as candidate will be partnering with multiple teams and working on an array of projects.
Desired Qualifications:
*Preferred Certifications: SCCM, GIAC, CISSP, CISA, or CRISC.
EEO Statement
Dollar Bank is an Equal Opportunity Employer.
Minority/Female/Veteran/Disabled
