The Test Validation Lead is primarily responsible for providing day-to-day leadership and oversight of the 1B Test Validation activities in conjunction with the broader 1B function, which facilitates independent periodic review of metrics, risk assessments and testing areas across Technology, GITRM and DG&A.
The Test Validation Lead will work with the Director, IT Risk Monitoring to execute two types of Test Validation (TV) activities, Disaster Recovery TV and SOX IT General Controls, as well as report findings to senior stakeholders and ensure exception and remediation efforts are consistently reviewed and addressed.
- Provides overall leadership in the independent validation of Disaster Recovery TV and SOX IT General Controls.
- Perform independent validation of test results for ITGC testing across GITRM 1A (CFCT), Tech. 1A (TBCG), and Data Governance & Analytics 1A (DG&A)
- Perform independent validation of disaster recovery (DR) test results from Tech. 1A (TBCG and ITSC)
- Ensures that validation activities cover all appropriate applications and controls.
- Interacts with appropriate teams to facilitate supporting evidence for validation activities.
- Conducts detailed reviews in a constructive manner.
- Consolidates outcomes of the validation activities and reports findings to senior stakeholders.
- Clearly communicate validation outcomes to stakeholders.
- Demonstrates understanding of business processes and capabilities being validated
- Champions and facilitates discussions supporting actions in areas needing improvement.
- Provide oversight to ensure identified remediation efforts are regularly reviewed and addressed.
- Propose enhancements / solutions that lead to risk reduction.
- Advises GITRM management of risk issues and/or risk portfolio trends.
- Cultivates relationships with business leaders, representatives, and other business partners, to ensure that requirements are accepted and well-known (CSA, T&O Risk etc.)
- Participates in support activities across the broader 1B team activities as needed.
- Oversees analysts
- Possesses a university degree/college diploma in Information Security, Technology or Risk Management or equivalent work experience, and/or 10+ years of experience in IT audit, information security audit or related field.
- Financial industry experience preferred.
- At least 5 years of overall relevant experience in Info Security, IT Security, IT Risk Mgmt., IT Controls governance, Business Continuity / Disaster Recovery Planning
- Solid experience in IT controls mapping, Sarbanes-Oxley (SOX) IT general controls (ITGC) testing / re-testing, test validation, and reporting
- Working knowledge / experience with Disaster Recovery (DR) testing and test validation
- Ability to review, parse, filter, and report on large volumes of test results using calculations, scripts, pivot tables, macros, etc. in MS-Excel (or similar tool)
- Ability to compile reports for stakeholders such as ITRM executives, Internal Audit, Technology owners, Application owners, etc.
- Possess strong working knowledge across ISO 27001:2, NIST CSF, SOX, COBIT and ITIL frameworks
- Strong experience in facilitating periodic testing and validation review of metrics, IS and Technology controls, and DR activities.
- CISA, CISSP or other related professional security certifications
- Information technology/security subject matter expert on technical solutions, standards, process, procedures, compliance, risk and awareness.
- Possesses analytical and problem-solving skills
- Maintains an awareness of emerging Information Security technologies and industry trends
- Working knowledge of Archer GRC
- Project Management skills a plus
- Possesses expert communication skills, both written and verbal
- Strong collaboration skills
- Demonstrates expert leadership skills and capabilities
- Displays high ethics and trust values
- Ability to operate effectively in a matrix environment