Responsibilities:
Risk Management Strategy and Assessment
- Identify and assess SOX and operational IT risks within complex IT and Business processes and develop strategies to mitigate those risks.
- Partner with IT and Business leaders to design and implement IT General Controls (ITGCs) and IT automated and business controls to address critical risks.
- Develop and implement comprehensive technology risk and control governance frameworks and standards, ensuring alignment with industry best practices and regulatory requirements.
- Facilitate remediation of control deficiencies and gaps by providing leadership and guidance over the remediation lifecycle.
- Evaluate SOC 1/SOC 2 reports for third-party applications and aid in the design and implementation of Complementary User Entity Controls (CUEC).
- Monitor changes in regulatory requirements and emerging technologies and provide guidance on their impact to the IT and Business control environment.
- Train IT and Business teams on the enterprise risk framework and standards.
- Prepare risk reporting for business and IT leadership review.
Project Management
- Support the delivery of technology risk solutions within business processes by managing the product risk management lifecycle.
- Manage the execution of control development, design and testing activities, including coordination with internal and external auditors for new technologies.
- Collaborate with cross-functional teams to identify control objectives, control activities, and control owners to mitigate IT risks.
- Collaborate with IT development teams to ensure that IT controls are integrated into system development life cycle (SDLC) processes.
Qualifications:
- Bachelor's degree in Information Systems, Information Technology, Accounting, Auditing or a related field (Required)
- Advanced degree or relevant certifications (e.g., CISA, CISSP) are a plus.
Work Experience:
4-7 years’ experience in IT governance, risk and compliance with a specific focus on SOX and Operational risk management. (Required)
Knowledge, Skills and Abilities:
- Proficiency in assessing IT and Business SOX and operational risks and implementing effective control solutions (Required)
- Deep knowledge of IT General Controls (ITGCs), IT automated and Business controls, and their application in financial reporting and operational processes. Understanding of how applications, operating systems and databases work, in order to implement IT General Controls in Logical Access, Change Management and Computer Operations (Required)
- Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and influence stakeholders at various levels of the organization (Required)
- Strong analytical and problem-solving abilities, with a keen attention to detail (Required)
- Ability to adapt to a dynamic and fast-paced environment and handle multiple priorities with a sense of urgency (Required)
- Ability to communicate technical and functional risk management solutions effectively and efficiently (Required)