Controls Testing Professional Practices – Control & Governance (Hybrid)

Controls Testing Professional Practices – Control & Governance

Location: Hybrid 2 days per week on-site – Mt Laurel, NJ/Charlotte, NC/New York, NY (Midtown)/Ft Lauderdale, FL

Information Security covers the development and management of security strategies, policies, and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, and partnering with businesses for better technology delivery by providing advice on technology controls.

Job Description/Key Accountabilities

Control & Governance, Professional Practices position is designed to support our Control Effectiveness Testing program and bring effectiveness and continuous improvement to the forefront. This critical role will focus on maturing the control testing methodology, tools, and resources to align with industry best-practices, and ensuring robust relationships with key stakeholders, control owners, and testing and validation partners throughout the organization. This role will also assume responsibility of building, training, and managing a team of control testing experts including day-to-day delivery engagements and reporting.

The ideal candidate will lead the execution of the technology control effectiveness testing program with a deep expertise in regulatory compliance, business and technical control design and testing methodologies, agile delivery practice, and risk management within a complex, global banking environment. This individual will be responsible for working with and influencing leaders across the organization and staying highly connected to senior leadership across the three-lines-of-defense model to ensure alignment. To be successful in this position, the candidate will require excellent people skills, high standards of professionalism, and demonstrates thoughtful problem solving while multitasking and thriving in a fast-paced environment.

About This Role

• Leading our technology control effectiveness testing program for seamless execution, including stakeholder communications, engagement administration, and quality assurance
• Oversee the development, implementation, and management of control testing procedures, ensuring alignment with regulatory requirements
• Monitor the execution of control tests, ensuring timelines, quality, and consistency in testing results across the organization
• Collaborate with senior executives, operational risk management, and technology leaders to ensure that testing processes meet business needs and regulatory standards
• Prepare and deliver clear and concise reports, presentations, and updates to senior management, auditors, and key stakeholders on control testing progress, findings, and resolutions
• Interface directly with internal and external auditors to ensure smooth and effective audit engagements, addressing concerns and driving timely resolutions
• Focus on maturing the technology control effectiveness testing program by identifying and implementing efficiencies in the management and testing of controls drive scalability, automation, and continuous improvement
• Collaborate with key stakeholders to continuously refine processes, tools, and methodologies for more effective and scalable testing approaches
• Provide leadership on identifying emerging risks and opportunities for improvement in the overall cybersecurity and information security governance programs
• Identify potential weaknesses in controls, recommend remediation strategies, and track progress on mitigation efforts
• Ensure alignment of the tech control testing program with broader cybersecurity governance frameworks, regulatory requirements, and best practices
• Other activities assigned by Management or Department Leadership.
  
  
  

Education & Experience

• Undergraduate degree in Information Security, Cybersecurity, Risk Management or relevant professional certifications, accounting designations, or equivalent education required
• Expert knowledge of agile delivery practices, control testing framework, regulatory frameworks, and cybersecurity standards Advanced certifications (CISSP, CISM, CRISC, or similar) are preferred
• In-depth knowledge of audit methodology and industry trends related to IT, Information Security and Cyber Security
• 10 years of experience in cybersecurity, information security, or IT governance, with at least 3 years in a senior leadership role focused on control effectiveness testing, audit, or risk management
• Proven experience in managing complex technology control effectiveness testing programs, including control testing, reporting, and collaboration with internal and external auditors
• Excellent communication and presentation skills, with the ability to explain complex technical issues to senior management and non-technical stakeholders
• Strong analytical and problem-solving abilities, with a focus on process improvement and operational efficiency
• Expertise in risk management frameworks and methodologies, with a deep understanding of cybersecurity governance
• Ability to manage and influence cross-functional teams, including auditors, risk management professionals, and technical leaders
• Highly organized with the ability to manage multiple priorities in a fast-paced, global environment
• Proficient in using operational and performance metrics to drive decision-making
  
  
  

Heitmeyer Consulting is an equal opportunity employer and we encourage all qualified candidates to apply. Qualified applicants will be considered without regard to minority status, gender, disability, veteran status or any other characteristic protected by law.