The Risk Technology Manager is a technical role responsible for enabling the technology business unit management to assess and manage all aspects of technology risk. Additionally, this role will focus on automation and tooling to assess, manage and monitor technology risk associated with the adoption and deployment of modern technologies.
Primary responsibilities include:
- Advise on new processes, technologies, initiatives and strategies from a risk and control perspective; guide the technology unit(s) in the design, development and deployment of appropriate controls for legacy, cloud and vendor provided environments.
- Performs targeted technology risk assessments and advises the business lines on risk, control posture and mitigation actions.
- Responsible for facilitating risk and control self-assessments for technology processes.
- Monitor and/or maintain appropriate controls and required documentation
- Partnering with business leaders to develop action plans that will deliver intended outcomes within defined timelines while identifying themes and related holistic remediation plans.
- Provides day-to-day support to the business unit(s), providing knowledge and expertise on the appropriate implementation of regulations, rules and industry standards through procedures, other guidelines, and industry best practices.
- Provide subject matter expertise for regulatory engagements and participate in all important interactions with the regulators.
- Develop and maintain automation that integrates in existing tooling and products.
- 5+ years of experience (practitioner, risk and control and/or technology audit) of systems architecture, infrastructure, technology operations, development life cycle and methodologies, information security and DevSecOps
- Experience in an organization that is under strong regulatory oversight and scrutiny
- Experience coding and with scripting languages (e.g. Python, Perl, Ruby)
- Intermediate knowledge of internal controls and risk assessment
- Intermediate knowledge of security topics including cloud security, secure software development, cryptography
- Basic knowledge of business areas processes and/or products and operations; regulatory requirements; and key processes, controls and exposure areas
- Strong business writing skills
- Understanding of FFIEC guidelines and handbooks, GLBA, SOX, PCI
- Ability to effectively communicate and engage in technical discussions, but also convey themes and concepts to senior leadership
- Project management skills to support multiple assignments on behalf of various stakeholders
- Knowledge of industry-recognized frameworks such as ISO 27001, ISO 20000, ISO 9001, ISO 31000, ISO 22301, COBIT, COSO, ITIL and NIST and control design.
- Awareness and understanding of process automation and control monitoring
- General awareness of technology as a service (IaaS, SaaS, PaaS)
- Ability to analyze and synthesize many risk data points and help the business to prioritize mitigation
Education, Certifications and/or Other Professional Credentials:
- Bachelor’s degree required in Computer Science, Information Systems, or Engineering
- AWS or cloud relevant certifications
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Internal Auditor (CIA)
- Technology discipline certification such as CCNA, MCSE, RHCE
- Certified Fraud Examiner (CFE)