• Work with the functional leadership team to manage and assess the existing IT risks and controls
• Responsible for the operational risk and control management implementation and remediation
• Work as an SME to perform assessments related to Threats, Gaps, Risk, Impact against the regulatory requirements and Industry standards
• Drive strategic risk assessment and management over major change initiatives
• Ensure all compliance and control functions are performed within given timelines
• Track, monitor and validate risk issues and provide an action plan to rectify the issues
• Collate requests and keep track of all outstanding issues
• Provide risk training /workshops to the internal stakeholders

Skills: Risk Assessment, Control Management, Operational Compliance, Threat Analysis, Gap Evaluation, Issue Tracking, Regulatory Alignment, Stakeholder Training

• Lead due diligence assessments for vendors partnering 
• Work closely with multiple stakeholders as a part of the vendor risk assessment process
• Communicate requirements, gather artefacts, provide guidance on the procedures followed and share results of the assessment
• Negotiate security terms with Business partners 
• Developing risk management strategies, evaluating potential risks and exposure in technology
• Determine how to effectively minimize those risks and develop procedures that can be implemented
• Guide Tech teams to evaluate potential risks and exposures, understand control failures and perform root cause analysis
• Provide a recommendation for risk response against the third-party risk assessment result
• Influence stakeholders within the organization to build and maintain a strong risk culture
• Working with various stakeholders to ensure projects with tech solutions are appropriately designed to minimise delivered risk
• Identify, review, analyse and manage operational risks 

Skills: Vendor Due Diligence, Third-Party Risk, Stakeholder Engagement, Security Negotiation, Risk Strategy, Root Cause Analysis, Operational Risk, Risk Reporting

• Act as subject matter expert on the organisation’s SOX framework
• Perform impact assessments for changes to the organisation’s SOX framework
• Propose changes to ensure internal SOX processes meet the requirements of the organisation’s SOX Framework
• Prepare and launch SOX Beginning of Year Design Effectiveness Testing and End of Year communications to Control and Application Owners
• Document/update Quality Guidance documents, Operational Effectiveness Testing based on feedback from the Quality Assurance team
• Provide advice and guidance and respond to queries from Divisional Support, SOX QA and peer Advisory team members and others in the SOX team
• Document and/or review SOX General Computer Controls and templated General Application Computer Controls descriptions
• Provide input into control design as controls change and new systems are implemented
• Act as the expert user for in-house control documentation
• Manage agenda, chair and minutes of the Divisional Support team members, the Control Owners and the Application Owners Forum

Skills: SOX Expertise, Impact Assessment, Control Design, Documentation Management, Quality Review, Advisory Support, GRC Knowledge, Stakeholder Coordination

• Supporting the IT teams to ensure risks and controls are recorded and managed appropriately
• Tracking and progressing all IT risk-related actions, including Risk assessments, Internal Audit, External Audit, Business Continuity and SOx actions
• Working with action owners across IT to ensure agreed targets are met and the Risk Management system (ARMS) is maintained
• Production of Key Risk Indicators
• Developing and delivering effective risk reporting and management information
• Completing trend analysis, identifying root cause and areas for improvement
• Providing subject matter expertise around risk and control frameworks, being the first point of contact for all risk and control queries from DS IT
• Coordination of the half-yearly Risk Assessment process and providing support to RCSA owners
• Facilitating and leading meetings with the CIO and Senior IT managers to carry out risk assessments
• Identifying training requirements across the wider IT community and delivering Risk training
• Overseeing IT Risk Incidents, ensuring that first-line responsibilities are being met and collating information required for reporting
• Facilitating the Policy Attestation process
• Maintain a view of key dates for risk reporting, providing awareness to key stakeholders so that dates are met
• Complete control testing activities to ensure active controls remain appropriate and robust
• Execute controls in line with agreed schedules

Skills: Risk Management, Control Monitoring, Risk Reporting, Trend Analysis, Root Cause Analysis, KRI Development, Control Testing, Stakeholder Coordination

• Take part in the creation, review and update of the Risk Management framework
• Perform cyclical risk identification and assessment
• Perform Process review and controls testing
• Determine solutions to minimize or eliminate risks
• Work with business process owners on controls documentation, review, testing and remediation
• Perform and document annual walkthroughs (test of design) of the company’s business controls
• Manage performance and documentation of testing (test of effectiveness) of the company’s business controls
• Coordination of ICOFR-related activities with multiple stakeholders, timely performance of related activities to ensure flawless execution of the program
• Help to evaluate, monitor, and resolve findings from internal and external audits
• Evaluate control deficiencies, develop remediation plans and impacts to financial statements
• Assess new accounting standards and guidance, etc., to ensure enhancement/reengineering of current accounting processes and controls
• Identify opportunities for streamlining and automating control activities within financial processes
• Promote Risk Management knowledge across the company

Skills: Risk Framework, Risk Assessment, Controls Testing, Process Review, Deficiency Evaluation, Audit Coordination, Remediation Planning, Control Documentation

• Broad understanding of Regulatory requirements and Governance frameworks for Technology Risk Management (FFIEC/ ITIL/ COBIT/ Banking and Insurance Laws/ Regs)
• Hands-on experience with large regulatory compliance oversight programs, managing teams and communicating feedback with Senior IT Leadership
• Familiarity with Governance Committees and Reporting needs
• Demonstrated experience in applying IT/IS risk frameworks such as risk governance, control effectiveness measurement, process, risk and control analysis, and risk management coverage plan (monitoring, assessment and testing)
• Experience with data analysis, data governance, data standards, business data modeling, metadata, data quality, and/or reporting processes and tools
• Strong knowledge of data governance frameworks, risks, controls, and data-related regulations/standards (e.g., BCBS 239, GDPR, CCPA, GLBA, PCI-DSS, etc.)
• Broad understanding of ITIL/ COBIT frameworks for implementing IT General Controls and Business Application controls
• Broad understanding of NIST and other Security / Privacy frameworks impacting Financial Institutions

Qualifications: BS in Information Technology with 4 years of Experience

• Experience in an IT Security role
• In-depth knowledge of Identity Management, Network Security, EDR, Intrusion Detection Software, SIEM, and Log Management
• Basic working knowledge of Cloud security and associated technologies
• Basic understanding of DLP
• Experience with performing vulnerability scans, reviewing vulnerability scans, and managing remediation activities
• Experience with vulnerability management systems
• Knowledgeable in an information security program's technical and business aspects, as demonstrated by applicable industry certifications, NIST 800.171, and the NIST CSF
• Experience working with SSAE 16,18 reports
• Experience building processes and programs
• Must have excellent project management skills
• Excellent understanding of Excel, Power BI or other data reporting software
• Possess excellent written and verbal communication skills

Qualifications: BS in Cybersecurity with 6 years of Experience

• Audit and compliance review experience with testing practices, policy checks and best practices
• IT work experience in information systems support, administration, risk management, and audit principles
• High proficiency in Microsoft Excel data evaluation and manipulation
• Prior experience working and communicating with regulatory or internal auditors
• Familiarity with standard Active Directory and Windows / MSFT stack
• Prior technical audit experience
• Experience with Automation/Scripting using Splunk
• Must have CISSP (Certified Information Systems Security Professional) certification or equivalent
• Solid understanding of security protocols, cryptography, authentication, authorisation and security
• Good working knowledge of current IT risks and experience implementing security solutions
• Demonstrated working knowledge of ISO-27001 - Information Security Management System

Qualifications: BS in Information Systems with 5 years of Experience

• Experience in the Information/Cyber Security field
• Experience in cyber security operations, incident response, IT risk management or investigations
• Demonstrated experience analyzing complex cybersecurity data sets within the subject area specialty
• Demonstrated knowledge of the cybersecurity landscape -such as threats, trends, and technologies
• Demonstrated knowledge of financial regulation and control frameworks applicable to cybersecurity or IT risk
• Excellent communication and interpersonal skills
• Strong ability to create positive and professional business relationships with internal clients
• Strong commitment to working as a team and providing excellent customer service
• Exposure to banking or an equivalent highly controlled technology environment

Qualifications: BS in Software Engineering with 4 years of Experience

• Experience in banking and/or financial services IT
• Experience with Credit Risk calculations and reporting
• Experience with Reporting solutions, especially Moody's Risk Authority 
• Basic SQL/database skills (especially in Oracle)
• Must have Security certifications (CISSP, GSEC, etc.)
• Demonstrated experience with Industry or subject-specific analysis or assessment frameworks (FAIR, NIST CSF, etc.)
• Experience in the banking/financial industry 
• Experience in SQL and Database Management concepts
• Experience in analyzing data and identifying key themes for root cause analysis
• Excellent organization, communication and documentation skills
• Passion for process improvement

Qualifications: BS in Data Analytics with 6 years of Experience