IT Risk AVP
- Manhattan, NY, USA
- Permanent, Full time
- Michael Page International - US
- 20 Sep 16
This firm is looking for an individual who can demonstrate leadership in a new Technology Risk function. This person will need knowledge of laws, regulations and standards that govern Information Security practices. Experience coordinating across business units including audit, compliance, and technology would be extremely beneficial. This future employee will have the opportunity to work with senior management and give input on key risks within the firm.
Well established financial services firm looking to build out their Technology Risk function.
- Ensure that controls are sufficiently designed and evidenced to satisfy risk, audit and regulatory objectives
- Build security control and risk scorecards, and reporting capabilities in GRC to support assessment of security compliance and risk posture.
- Direct the cross-organization/business unit Controls Working Group and operational teams to address security controls and compliance, coordinate exception evaluations, and track risk remediation activities, temporary exceptions, and control status and ownership.
- Advocate, coach and highlight the impact of IT policies, standards, procedures and initiatives to promote, support and enhance security controls and negotiate resolutions of issues which arise during deployment and implementation of IT Controls and related practices.
- Enable continuous technology compliance by maintaining up-to-date controls, coordinating controls testing and monitoring, and identifying and escalating control non-compliance.
- Assist in organizing and preparing responses to regulatory and audit requests including drafting of talking points and presentations on topics such as control design/execution and strategic risk mitigation programs.
- Schedule, coordinate and lead self-assessments and tabletop exercises to help prepare teams for anticipating questions and requests related to upcoming audits.
- Track remediation on reported audit and regulatory observations to ensure timely and comprehensive resolution; on a regular basis, issue reports to IT leadership as to current state.
- Formalize ongoing processes to support risk management and audit/compliance activities, identifying opportunities to integrate these into our technology enablement approach.
- Minimum 3+ years of experience in IT Risk Management, Information Security and/or IT Audit, preferably within the financial services industry or a consulting organization.
- BS or BA degree, preferably in technology, business or equivalent.
- Relevant certifications, such as CISSP, CRISC, CISA, CISM, are a plus.
Competitive base + bonuses