Client: Banking Financial Services
Title: IT Risk & Controls Consultant
Duration: 12 Months
Location: New York, NY
Job Overview:
The Enterprise Risk Management (ERM) team within GRM is seeking a Technology Risk & Controls Manager to support several operational resilience remediation initiatives in relation to the upcoming Digital Operational Resilience Act (DORA) regulation.
Responsibilities will include:
- Enhance, embed, and mature ERM’s technology risk and controls framework.
- Assist in the development and implementation of ERM strategy, tools, policies, and procedures for identifying, capturing, and assessing technology-related risks and controls.
- Assist in verifying and documenting the technology risk and control inventory.
- Work with Divisional and Business Unit Technology to drive risk frameworks and assessments related to the products and the surrounding infrastructure.
- Support the production of annual risk and control self-assessments of the technology risk environment.
- Assist in the identification of quantitative and qualitative technology risk metrics.
- Create technology risk reporting and dashboards.
- Support BU Risk Officers in risk reporting to senior management.
- Support BCM/Operational Resilience enhancements.
Skills, Requirements, and Competencies
- 8+ years’ experience in technology risk management, technology audit and/or compliance in the financial services industry within capital markets.
- Strong understanding of (technology) risk management principles and internal control framework.
- Experience in implementing and supporting a technology risk management framework and/or technology internal controls framework in a complex organization.
- Ability to evaluate operational or technological measures to assess risks and effectiveness of controls.
- Experience in creating, implementing, and maintaining (technology-related) policies, procedures, guidelines, standards, and best practices.
- Good understanding of (technology) risk management frameworks, including COSO, COBIT, NIST and ISO 27001.
- Understanding of operational resilience concepts and experience working on operational resilience related (regulatory) programs (e.g., PRA/FCA/BoE Operational Resilience, DORA).
- Innovative, strategic thinker.
- Inquisitive nature with high attention to detail and ability to seek out information.
- Action and results-oriented with ability to drive results and effect change.
- Strong communication, facilitation and influencing skills; ability to articulate and communicate complex ideas and concepts in a clear, concise, and structured manner.
- Strong organizational skills and ability to successfully multi-task and prioritize work.
- Ability to proactively cultivate relationships and collaborate with multiple stakeholders, including business leaders, legal, internal audit, and technology across regional locations.
- Advanced Microsoft Office skills.