T&T |CST| Risk and Control Testing | AM

Project Role: Risk control testing

Responsibilities include:

This role conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. Role includes and is not limited to:

- SOX,Cloud,AI Control Testing of IT/IS controls

- Testing Approach Review and Process Documentation

- Develop methods to monitor and measure risk, compliance, and assurance efforts.

- Develop operating model and specification to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.

- Draft statements of preliminary or residual security risks for system operation.

- Monitor and evaluate a systems compliance with information technology (IT) security, resilience, and dependability requirements and assess the effectiveness of security controls.

- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.

- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.

-Review existing Risk control testing approach and methodology used by client to identify areas for improvement based on IT risk & control frameworks and industry good practices.

-Develop templates to facilitate the control testing and the documentation and reporting of the control testing outputs in line with the refined control testing approach and methodology

-Liaise with designated stakeholders to identify the prioritised set of controls and document repeatable test scripts for testing design effectiveness ( DE ) and operational effectives ( OE ) of prioritised IT and IS controls.

Qualifications

Bachelor s degree (or equivalent experience) with minimum 2-5 years of experience in IT risk and control testing, Risk and compliance. Preferably with global banking clients.

- CRISC or CISA Certified Mandatory, CISSP certification Desirable

- Information Systems/Network Security

-Understanding of NIST, ISO, COBIT or equivalent cyber security framework.

- Information Technology Assessment and Risk Management

- Information security systems Testing and Evaluation