Sr. Technology Risk and Compliance Associate

Company: TransUnion
Location: Chester, PA, USA; Chicago, IL, USA; Alpharetta, GA, USA; Reston, VA, USA
Salary: $90000 – $150000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Mid Level, Senior

Requirements

  • 3+ years of experience in risk management, compliance, audit, and/or information security, with specific focus on technology and information security
  • Knowledge of cloud environments, product development, and common security and technology frameworks such as CIS, NIST, SOC2, PCI, and SOX
  • Ability to work in a matrixed organization with excellent analytical and problem-solving abilities, with a keen attention to detail and a results-oriented mindset
  • High level of integrity, do things the right way, and lead by example
  • Comfortable with organizing and managing multiple priorities and deadlines concurrently
  • Proactive, take the initiative, and can work independently with limited supervision
  • Experience working in financial services or other regulated industry
  • Flexibility to attend work related meetings outside of typical working hours
  • Bachelor’s degree in a relevant discipline
  • Possess relevant certifications such as CISSP, CGRCP, CISA, CISM, CRISC, etc.

Responsibilities

  • Perform reviews of technology initiatives and processes to ensure policies, processes, and practices meet requirements and are consistent with industry standards, regulations, and best practices.
  • Assist with risk assessments, performing critical analysis as necessary, monitor data used to identify heightened risk, and help develop risk remediation recommendations.
  • Assist with deep dives into technology and security risk events and analyze thematic technology risks to provide appropriate expertise and insight.
  • Analyze and test technology and information security controls and processes to ensure identified risks are effectively mitigated. You will provide assurance and escalate any identified gaps or opportunities for improvement.
  • Assist with the development of technology and information security risk registers for proper assessment of identified risks, including analysis, rating, prioritization, and ownership.
  • Monitor and facilitate periodic reviews of the risk registers to ensure any changes to the control environment have been captured appropriately.
  • Analyze corrective actions and mitigation plans for incidents, identified issues, and findings for comprehensiveness, appropriateness, and timeliness to address the associated risks, and report and escalate any gaps or opportunities for improvement.
  • Collaborate with the 1st line of defense in discussing and resolving control gaps, risk trends, risk issues and incidents while also providing credible challenge of their assertions, assumptions, and conclusions.
  • Partner with the relevant technology, business units and other support functions to develop a perspective on the risk and ensure consideration of evolving regulatory expectations.
  • Participate in technology and information security risk forums, as deemed appropriate, to identify new and emerging risks and provide complementary expertise to foster robust dialog and information sharing about risks and controls.
  • Actively review initiatives and projects to ensure technology and security risks are identified early in the process and drive comprehensive mitigation solutions.
  • Report on oversight and assurance activities to senior management and escalate when necessary to ensure appropriate awareness and action to mitigate risk.

Preferred Qualifications

  • Flexibility to attend work related meetings outside of typical working hours