Risk Management Specialist

The primary responsibility of this role is to identify, report, and manage all risks within the assigned domain by working closely with other risk SMEs and 2nd line functions to provide transparency to known risks and ensure proper and timely prioritization, mitigation, and remediation.

Reporting to the client IT Risk Executive, the person in this role will support the IT Risk Department's objective to execute the established risk assessment frameworks for IT and Data Risk, aligning with COBIT and other IT and Data Management frameworks, and ensuring that this integrates into the overall Enterprise Risk Management framework. Through these various risk management activities, the Domain Risk Leader is ultimately responsible for ensuring releases are delivered with quality and/or the remaining risks are clearly understood to enable the business to make informed risk decisions

What you’ll be doing

Manage the execution of a domain level risk management framework while working alongside dependent / potentially impacted domains to identify, track, and remediate technology, data, security, and business operations risks across the assigned domain

Develops risk and control standards and best practices documentation to enable sustainable practices and consistent / appropriate reporting of risk management metrics to enable related management actions

Continuously and accurately identify, assess, and analyze new, existing, and emerging risks and develop thorough risk mitigation plans to limit unreasonable risk exposure to the organization; incorporates risk management practice into everyday operations

Establish self as a trusted advisor while displaying excellent communication skills, a flexible and adaptive communicative style, and lead / influence others through persuasive arguments and active listening

Manage the issues through remediation or exception process in governance forums

Review/Validate/Test the findings before closing the issues upon remediation

Own generation of reports and dashboards to report risks, findings and remediation plans within the domain

Manage control additions/updates to narratives in risk management system

Own and drive annual technology risk assessments for the domain at least annually

What you bring

Education: Bachelor’s degree required or equivalent experience

Experience:

5+ years of exp in IT risk management, audit, or cybersecurity experience

Experience with managing risk for enterprise technology/cloud platforms at scale

Strong understanding of cloud architecture, cloud infrastructure, cloud governance, and cloud security processes

Experience designing and enforcing technology/cloud security policies aligned with regulatory requirements

Familiarity with security best practices for cloud infrastructure, including encryption, access control, and monitoring

Experience with leveraging and using APIs

Implementation and/or use of GRC systems (ex: Archer SaaS)

Working knowledge or the principles of technology and data risk management including ITGCs, IT application controls, GLBA, Information Security, Release Management, CI/CD, control design, and testing within complex enterprise data environments.

Deep knowledge of IT compliance frameworks such as COBIT, NIST, and ISO 27001

Experience with operational risk management and/or auditing, Sarbanes Oxley, COSO requirements

Added bonus if you have

Education: Master’s degree preferred

Experience: 10+ years of exp in IT risk management, audit, or cybersecurity experience

Skills/Hands on Technical proficiency: Cloud infrastructure/architecture background a plus

Certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM)

Knowledge: Banking Regulations and Industry Frameworks