- 1st and/or 2nd LOD experience in IT risk management within a large financial institution focused on assessing information systems and technology risks and controls, with a demonstrated background in applying risk & controls, security and technology principles
- Previous technical domain experience to include Architecture, DevOps, Security, Application Development and/or Infrastructure/IT Ops, etc.
- Primary responsibilities are focused on key program pillars including the risk assessment process, due diligence, and ongoing monitoring.
- Review and challenge risk assessments for completeness, consistency and accuracy prior to third party engagement.
- Provide oversight of the Risk Assessment team and confirm adherence to program requirements from onset of an engagement through to termination. This includes understanding the use of third parties providing technology, operational, or professional services across the organization.
- Experience working with Risk, Security or Audit frameworks (FFIEC, COBIT, COSO, ISO 27001/2, NIST 800-53, SSAE16)
- Experience evaluating IT Architecture design for infrastructure, virtualization, cloud technology and business technology architecture for financial institutions, evaluating software development life cycle processes, agile execution utilizing scrum partners, evaluating middleware technologies (e.g., Websphere) and infrastructure platforms
- Develop and recommend strategies and tactical approaches that streamline activities and increase productivity to eliminate bottlenecks as the scope of the area's responsibilities expands.
- 8+ years of related experience
- Bachelor's degree with Master's or equivalent experience preferred
- CISA, CISSP, CISM, CRISC, or other information security certifications
- Advanced risk management experience in a complex institution and/or highly matrixed environment related to banking, insurance and/or financial services.
- Demonstrated experience in conflict resolution management and ability to effectively challenge at all levels of management and influence business outcomes.