What are the responsibilities and job description for the Information Technology Risk Manager position at TekJobs?
What we’re looking for
The IT Risk Department is looking for a passionate and highly motivated Domain Risk Leader.
What you’ll be doing
Manage the execution of a domain level risk management framework while working alongside dependent / potentially impacted domains to identify, track, and remediate technology, data, security, and business operations risks across the assigned domain
Develop risk and control standards and best-practices documentation to enable sustainable practices and consistent, appropriate reporting of risk management metrics that support related management actions
Continuously and accurately identify, assess, and analyze new, existing, and emerging risks and develop thorough risk mitigation plans to limit unreasonable risk exposure to the organization; incorporate risk management practice into everyday operations
Establish self as a trusted advisor while displaying excellent communication skills, a flexible and adaptive communicative style, and lead / influence others through persuasive arguments and active listening
Manage issues through the remediation or exception process in governance forums
Review/Validate/Test the findings before closing the issues upon remediation
Own generation of reports and dashboards to report risks, findings and remediation plans within the domain
Manage control additions/updates to narratives in risk management system
Own and drive technology risk assessments for the domain at least annually
What you bring
Education: Bachelor’s degree required or equivalent experience
Experience:
5 years of experience in IT risk management, audit, or cybersecurity
Experience with managing risk for enterprise technology/cloud platforms at scale
Strong understanding of cloud architecture, cloud infrastructure, cloud governance, and cloud security processes
Experience designing and enforcing technology/cloud security policies aligned with regulatory requirements
Familiarity with security best practices for cloud infrastructure, including encryption, access control, and monitoring
Experience with leveraging and using APIs
Implementation and/or use of GRC systems (e.g., Archer SaaS)
Working knowledge of the principles of technology and data risk management including ITGCs, IT application controls, GLBA, Information Security, Release Management, CI/CD, control design, and testing within complex enterprise data environments.
Deep knowledge of IT compliance frameworks such as COBIT, NIST, and ISO 27001
Experience with operational risk management and/or auditing, Sarbanes-Oxley, COSO requirements
Added bonus if you have
Education: Master’s degree preferred
Experience: 10 years of experience in IT risk management, audit, or cybersecurity
Skills/Hands-on technical proficiency: Cloud infrastructure/architecture background a plus
Certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM)
Knowledge: Banking Regulations and Industry Frameworks