IT Risk Specialist - Cyber Security (8-14 yrs)

Key Responsibilities and Duties :

- Work closely with manager to align on second line of defense challenge strategy, prioritization of work activities, status of execution of work assigned and obstacles encountered to ensure delivery timelines are achieved.

- Support enterprise risk programs to help ensure appropriate execution and risk mitigation activities are occurring. These programs include Risk Control Self-Assessment (RCSA), Holistic Issue Management (HIM), Supplier Risk Management (SRM) and Business Continuity Management (BCM).

- Responsible for working closely with first line of defense SMEs and risk partners to perform independent risk assessments, maturity assessments, evaluate control effectiveness and align on risk mitigation actions required. Ensure adherence to relevant regulatory requirements (e.g. NY DFS, FFIEC) is achieved.

- Promote proactive self-identification of issues with first line owners and provide support to their teams as needed, to ensure that appropriate issues and management actions are in place to mitigate the risk to an acceptable level.

- Perform analytics on various data sources to support risk reporting, to identify potential control breaks and to determine if relevant risk appetite is breached.

- Assist with the identification of new KRIs, KPIs or KCIs as needed, to ensure that metrics coverage for key control areas is sufficiently comprehensive.

- Monitor key initiatives to confirm the status of control enhancements being implemented and to ensure updates to impacted RCSA control programs are addressed.

- Review the root cause analysis (RCA) for major technology incidents to identify and highlight potential thematic concerns and identify instances where control strengthening is required.

- Provide support to management for producing risk management committee materials, metrics reporting and other related analysis, as needed.

- At least 8 years of experience in one or more of the following disciplines : IT Risk Management, IT Audit, Information Technology or Cybersecurity functional areas.

- Strong technology acumen, critical thinking, and analytical skills.

- Working knowledge of industry IT or security control frameworks and experience in performing Risk Assessments.

- Understanding of technology operations/processes, as well as experience with evaluating technology-related risks and controls.

- Strong verbal/written communication and time management skills.

Preferred Qualifications :

- Certifications : CISSP, CRISC, CISM, CISA or equivalent

- Working knowledge and experience with various cloud service models (IaaS, PaaS, SaaS) and controls.

- Knowledge of application development lifecycles and methodologies (e.g. Agile), as well as change management processes.

- Relationship management skills to build trust and effective working relationships with 1LoD partners.

- A "self-starter" and the ability to demonstrate flexibility with assignments.