Job Description :
Scope:
Partner with key Technology Managers to monitor and manage various risk programs across the firm
Proactively manage risk metrics – focus on “at risk” or “exceeding threshold risks” – work with technology management to address root causes and remediate as required
Support technology teams in supporting firm-wide risk programs (e.g. delivering requested artifacts, verify completeness / accuracy)Partner with technology teams in the execution of Risk Control Self Assessments (RCSA)
Identify root causes of reported risks and partner to design remediation plans
Coordination with Technology Management in monitoring the execution, collection and completion of SOX control activities Partner with Technology Management and internal audit to identify and report self-identified audit issues
Provide support to Technology Management on all phases of audit activities and ensure active engagement with technology management to meet audit objectives. In addition, assist management in the validation of preliminary audit issues and the creation of remediation plans
Partner with Technology Management in the execution of quality assurance programs – ensure completeness of data and identify and monitor required remediation activities
As necessary, acts as a liaison for the department, maintaining effective and professional relationships with key business stakeholders, internal and external auditors, regulators, and others dealt with in a professional capacity.
Competencies:
7-10 years Technology Audit or Technology Risk experience (min)
Experience in the execution of Technology Risk Assessments, Audits and SOX 404 and 302 testing
Solid understanding of a risk control framework (i.e., inherent risks, control procedures, residual risk, etc
Ability to identify relevant key risk indicators to measure risk exposures (metrics reporting)
Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives.
Strong ability to analyze data to identify thematic issues / areas requiring improvement
Persistency, poise and perseverance to get things accomplished under pressure and within the set timelines
Interest and track record of ensuring accuracy, clarity and quality of work with attention to detail
Deputize for senior managers in various governance forums and committees in both technology and business at a FICC level
Understanding and knowledge of NFRR and transaction reporting compliance including industry regulations
Understanding of Global records management principles and their implications to the business
Detailed knowledge of SDLC and application governance
Ability to identify and validate operational losses and the parties impacted and responsible
Detailed understanding of Information security and the programs and disciplines that are encompassed in that.
Understanding of business continuity and recovery practices and ability to partner and challenge where needed
Gravitas to be able to challenge and debate in senior forums on risks and issues identified
Qualifications:
Essential: CISA, CRISC
Nice to have: CISSP