EDUCATION:

Bachelor’s Degree in a technical discipline or equivalent work experience: Computer Science, Information Technology, Information Systems, Information Security. Req
Master’s Degree in related technical disciplines. Pref
Professional Certifications in one or more domains of technical expertise. Req.

WORK EXPERIENCE:

Practitioner experience in Technology or Cybersecurity risk management with an ability to lead technical risk assessments, identify and assess risks, document findings and opinions, and develop risk reporting
Good understanding of regulatory requirements e.g. FFIEC, FDIC, OCC requirements and industry frameworks and practices e.g. COBIT, ITIL, ISO, NIST 800-53, CSA-CCM v4, Fed Ramp, CIS Benchmarks
Overall professional experience of 10+ years or more in technology risk audit & assurance or a technology risk management role in a matrix organization
Experience within a highly regulated environment such as the financial services industry
Master’s Degree in related technical disciplines. Pref
Professional Certifications in one or more domains of technical expertise. Req.

TECHNICAL SKILLS:

IT Service Management domains e.g. IT Change Management, IT Capacity Management, IT Incident Management, IT Release Management
Software Development Lifecycle (SDLC)
IT Asset Management and Shadow IT (End User Computing)
Networks and Communication Systems
Virtualized infrastructure
Payments technology e.g. SWIFT, Fedline etc.
Advanced levels of proficiency in MS Excel and Powerpoint
High levels of proficiency with data visualization and reporting tools such as PowerBI and/or Tableau
Working knowledge of the Python ecosystem, including best practices (Pref)

COMPETENCIES AND ABILITIES:

Demonstrated expertise and track record in the design and assessment of technology controls across multiple technical domains, and ability to perform at an advanced level of competence.
Strong familiarity with Risk Control Self-Assessment (RCSA) of technology processes
Strong risk, process, and control validation and/or assessment skills with an ingrained sense of intellectual curiosity.
Excellent communication and presentation skills, including the ability to present complex topics, negotiate and recommendations to senior stakeholders.
Meticulous attention to detail and accuracy when analyzing data, preparing reports, and documenting risk management processes.
Having the ability to multi-task and adapt/adjust to multiple demands and competing priorities
A team player who can coordinate and drive consensus among different teams and stakeholders having varying viewpoints
Ability to convey a sense of urgency and drive issues/projects to closure.
Excellent written and oral communication skills.
Excellent analytical skills when it comes to problem-solving including the ability to challenge root causes and related corrective actions
Strong organizational and project management skills.

WHAT ELSE YOU NEED TO KNOW :

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Base Pay Range
Minimum: $93,750.00 USD
Maximum: $165,000.00 USD

EMPLOYER RIGHTS:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

Establish themselves as the second line of defense subject matter expert on technology risk management
Identify and assess technology risks ensure awareness and accountability for their management
Design and execute independent testing and assurance of technical domains
Participate in the independent and ongoing risk oversight of key technology components of the firm’s business and strategy initiatives.
Participate in evaluation of new products / Business changes / projects and assess related technology risks and impact to the technology risk profile
Participate in the evaluation and management of risks related to third-party suppliers involved in technology projects
Perform review and challenge of first line of defense risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.)
Analyze IT risk data from various sources (e.g. external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends and patterns, drive automation, risk analytics & aggregation and risk visualization
Support process for constructive engagement across the Lines of Defense regarding risk appetite, risk metric determination or evaluation, issue management and action plans
Advises on remediation of regulatory findings, correction of any inconsistencies and monitors resolution
Prepare information to enable governance committees / working groups in the management oversight of technology risks
Initiate timely escalations to the Technology Risk leadership team
Work across the lines of defense to recommend strategies that effectively treat risks within the risk appetite