What we do:
The Markets Group at the Federal Reserve Bank of New York implements monetary and foreign exchange policy on behalf of the Federal Open Market Committee (FOMC), provides payment and custody services to foreign central banks and international monetary authorities, conducts Treasury security auctions in the role of Fiscal Agent for the U.S. Treasury Department, processes Discount Window loans to qualifying depository institutions, and posts daily money markets reference rates to the Bank's public website.
The Markets Risk and Control (MRC) Directorate establishes and administers the Markets Group's integrated risk management program in support of, and compliance with, the Bank's risk management framework. The MRC engages with Markets Group management to develop an aggregated and objective view of 'first line' risk exposures, advises business area management on control issues and mitigation decisions, provides a first line review and quality assurance function, and promotes effective information dissemination and transparency of existing and emerging material risks and control issues.
Responsibilities specific to MRC include: facilitating risk and control self-assessments; preparing and distributing the Group's Quarterly Risk Package; administering the Group's Sarbanes-Oxley (SOX) compliance program; coordinating audit reviews of business operations and contextualizing potential findings with stakeholders; analyzing audit findings, risk events and technical vulnerability findings for root cause trends and process improvement opportunities; identifying IT project risks and monitoring projects from a risk management perspective; leading the Group's business continuity program; liaising with the Bank's control Functions (second lines of defense) and various audit entities (third lines of defense); and communicating risk information to senior Group and Bank management.
Your role as an Information Technology Risk and Control Associate:
- Assist with the annual Risk and Control Self-Assessment (RCSA) process for the Business Technology (BT) Function, working closely with BT management.
- Review BT's RCSA for inclusion of known risks and ensure the content aligns with information in other risk-related artifacts, including the Group's Quarterly Risk Package, the Group's Risk Profile and the RCSAs of other Functions.
- Collect information and prepare artifacts for inclusion in the Quarterly Risk Package.
- Conduct SOX testing with a focus on access control and information technology (IT) project management, and report on the status of testing to stakeholders.
- Support IT audit reviews of Markets Group business operations. Attend walk-through sessions, ensure collection and delivery of requested artifacts, and coordinate contextualization discussions with audit entities.
- Maintain tracking worksheet for audit findings assigned to the Business Technology (BT) Function, and follow up with BT managers to ensure timely remediation of findings.
- Review BT risk events as reported in the Archer application for completeness and accuracy, and follow up with stakeholders to ensure completion of long-term remediation action items and closure of risk events.
- Evaluate and monitor IT project risks and assist with preparation and/or review of project artifacts (e.g., risk registers, mitigation plans, etc.), as needed.
- Assess the adequacy of existing controls, including information security controls, and recommend new controls, modifications to existing controls and other control enhancements that strengthen BT operations controls and remediate known and potential vulnerabilities.
- Build and maintain relationships across the Markets Group, the Bank's control Functions and audit entities.
- Stay apprised of the Federal Reserve Bank of New York's and industry best practices related to risk management, internal controls, vendor management, and other risk and control related areas.
What we are looking for:
- 5 years of experience in risk management, internal controls, internal audit or other relevant experience in a risk-related role.
- Bachelor's degree; advanced degree or certifications (e.g., CIA, CISA, CISSP or CRMA) a plus.
- Experience assessing cyber related risks a plus.
- Good analytical, problem-solving, independent thinking, and decision-making skills; ability to independently resolve less complex issues with stakeholders.
- Understanding of risk analysis and risk mitigation, including a demonstrated ability to link risk initiatives to critical business drivers, profile risks, and identify risk concentrations and triggers.
- Good communication (verbal, written, and presentation) skills.
- Experience delivering quality written documents under tight deadlines.
- Ability to work with stakeholders from across the organization collaboratively and constructively, including the ability to build and maintain strong relationships.
- Initiative and ability to self-start, organize efforts independently, and make timely decisions and effective recommendations.
- A high level of proficiency with Microsoft Office Excel and Word, and working knowledge of SharePoint, PowerPoint and Visio.