- You will ensure that controls are sufficiently designed, documented, and evidenced to satisfy risk, audit and regulatory objectives.
- Build security control and risk scorecards, metrics, and reporting capabilities in GRC to support assessment of security compliance and risk posture.
- You will independently execute audit activities of moderate to high complexity, including IT technical audits, pre- and post-implementation consulting engagements, and integrated audits.
- Utilize IT Risk experience to support audits and regulatory projects.
- Coordinate efforts across multiple departments to ensure compliance requirements are met within required deadlines.
- Direct cross-organization/ business unit and operational teams to address security controls and compliance, coordinate exception evaluations, and track risk remediation activities, temporary exceptions, and control status and ownership.
- Advocate, coach and highlight the impact of IT policies, standards, procedures and initiatives to promote, support and improve security controls, and negotiate resolutions of issues that arise during deployment and implementation of IT controls and related practices.
- Enable continuous technology compliance by maintaining up-to-date controls, coordinating control testing and monitoring, and identifying and escalating control non-compliance.
- You will assist in organizing and preparing responses to regulatory and audit requests including drafting of talking points and presentations on topics such as control design/execution and strategic risk mitigation programs.
- You will regularly liaise with Compliance, Audit and Legal functions to proactively monitor pending and proposed legislation and upcoming reviews in order to adequately prepare for and adapt to new or heightened expectations.
- Track remediation of reported audit and regulatory observations to ensure timely and comprehensive resolution; on a regular basis, issue reports to IT leadership on the current state.
Qualifications & Experience:
- 15 years of experience, with 5+ years in Information Security.
- Experience in IT Risk Management, Information Security and/or IT Audit, preferably within the financial services industry or a consulting organization.
- Understand key IT and automated business processes and perform testing of the design and operating effectiveness of controls within those processes (General IT Controls and Automated Business Controls).
- BS or BA degree, preferably in technology, business or equivalent.
- Meaningful certifications, such as CISSP, CRISC, CISA, CISM, are a plus.
- Control program execution and reporting management through a Governance Risk and Compliance solution.
- Experience managing an ISO-27002 or NIST aligned security program.
- Experience programmatically assessing and managing security risks associated with vendors, confidential and personal data, critical IT assets, technology projects, and business initiatives.
- Demonstrated leadership in GRC tool selection, deployment and management and in GRC workflow definition and automation.
- Experience coordinating across business units, audit, compliance and legal teams to provide outside entities with technology evidence, documented exceptions, mitigating controls, and/or remediation activities underway to verify technology compliance.
- Strong presentation skills for large audiences of varying IT backgrounds; ability to adjust the message and filter details based on the audience.
- Experience working with multiple teams and stakeholders to coordinate activities in a timely manner.
- Certifications a Plus: CISSP, CEH, SANS/GIAC, Sec+, CASP or similar professional certifications
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.