IT Risk Auditor

Job Description :

• IT Risk (GITR) team enables the protection of brand, systems, and operations by equipping business and technology partners with meaningful insights, advice, and information on IT & cyber risks.


• Senior Cyber Security and IT Risk Management Analyst will perform risk-based testing activities that independently evaluate the design and effectiveness of IT controls and further assist with the enhancement and execution of the IT Control Testing and Monitoring.


• This role will primarily support the identification and mitigation of IT and regulatory risks and operational issues and will also assist in the maintenance of operational and IT control procedures.


• This is an advanced senior professional with wide ranging experience uses professional concepts and to resolve complex issues.


• Serves as an expert in own discipline or area of specialization. This dynamic position provides opportunities for working across the organization.
  
  •       Executing control testing that evaluate the design and operating effectiveness of IT controls.
  •       Analyzing, aggregating, and articulating the results/issues/recommendations related to control testing activities.
  •       Perform internal control monitoring and testing adhering to an established schedule.
  •       Participate in all phases of the internal control monitoring process including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports and maintaining work papers.
  •       Investigate and ensure proper risk management actions are taken on IT control deficiencies. Foster a risk aware culture on proper management of IT control issues.
  •       Maintaining a thorough understanding of organization's relevant governing policies and standards, IT control testing methodologies, and related regulatory and compliance standards
  •       Establish strong working relationships across business units and teams to build influence and impact with key business partners.
  •       Keeping abreast of external cyber security trends, technologies and cyber risk management approaches, control hygiene of the environment, and often works with other teams on IT risk-related initiatives to provide subject-matter recommendations and guidance to achieve a risk posture within the organization’s overall risk appetite.
  
  
  
  Must have


• Bachelors' degree in computer science, engineering, or related field.
  •       Preferred Certifications: CRISC - Certified in Risk and Information Systems Control, CISA – Certified Information Security Auditor, CISSP - Certified Information Systems Security Professional.
  •       Demonstrated ability in written and oral communication skills along with strong presentation skills. Ability to determine the information and communication needs of the stakeholders.
  •       A strong understanding of technology and/or financial services industry. Knowledge of FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.
  •       Deadline-driven and results-oriented; able to meet consistently high-quality standards while handling a variety of tasks and deadlines simultaneously.
  

Nice-to-have

• Risk and Control management knowledge and industry experience across Information Technology (IT) domains
  •       Working experience in cybersecurity and/or IT risk management spaces
  •       Big 4 IT risk consulting and/or audit experience