Technology Risk Testing Manager – Vice President

Company: Morgan Stanley
Location: Alpharetta, GA, USA
Salary: Not Provided
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • Bachelor of Science required with a concentration in Computer Science or Information Technology.
  • 8+ years audit/risk/compliance experience in the financial services industry, a regulator, or a self-regulatory organization.
  • Experience leading and conducting Technology reviews.
  • Investigative skills – inquiry and analysis, interviewing, testing, risk assessment capabilities.
  • Ability to research and resolve issues independently while working across teams to acquire information.
  • Risk Management Knowledge – strong understanding of financial industry risk and control and the ability to critique relevant language.
  • Strong analytical, organizational, and problem-solving skills.
  • Ability to prioritize and work effectively on multiple reviews with different individuals at the same time.
  • Ability to work independently as well as in a team.
  • Strong verbal and written communication skills.
  • High degree of organization and attention to detail.
  • Proficiency with Microsoft Word, Excel, PowerPoint, Adobe, SharePoint and ability to quickly learn automated systems.

Responsibilities

  • Assist in the development and maintenance of the annual technology testing plan.
  • Manage a team of technology risk testing personnel; monitor capacity and distribute work assignments to ensure timely delivery of assigned engagements.
  • Develop and deliver engagement announcements.
  • Review, approve, and deliver engagement scope memos.
  • Lead engagement kickoff meetings for stakeholders; lead periodic engagement progress updates.
  • Supervisory fieldwork – Oversee the day-to-day operations of the team’s testing activities:
  • Review and approve new test scripts and recipe cards.
  • Review technology risk testing personnel workpapers.
  • Review and disposition potential technology risk test findings; engage stakeholders accordingly.
  • Review proposed action plans and remediation requirements; engage stakeholders accordingly.
  • Test execution fieldwork – Perform test activities in accordance with 2L NFR testing standards:
  • Interview stakeholders, request and review pertinent policies, standards, procedures, KRI metrics, and other documents, and walk through relevant processes and control environments.
  • Develop test scripts and recipe cards.
  • Request and validate receipt of relevant data and samples for testing.
  • Execute and document test activities in test workpapers.
  • Identify and escalate potential test findings.
  • Propose action plans and remediation requirements.
  • Prepare test reports.
  • Review, approve, and deliver final engagement and test reports.
  • Track and confirm completion of action plans and their remediation requirements.
  • Remain current on industry rules, regulations and best practices to make recommendations to the testing program.
  • Develop and maintain effective working relationships with the business units as well as internally within the Legal, Compliance, and Operational Risk Department.

Preferred Qualifications

  • Knowledge of global regulatory requirements such as GLBA, GDPR, Part 30 Information Security, NYDFS, etc., and technology control standards such as NIST, FFIEC, COBIT, CIS, etc.
  • Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) designations are highly desirable.
  • Other relevant industry certifications in the technology field (e.g., CISSP, cloud certifications, etc.) are a plus.