The Technology Risk Assessment Lead will be responsible for operational and risk strategy programs within the IT segment. Direct self-monitoring and proactive testing via execution of periodic risk assessments. Evaluate effectiveness of controls and escalate as appropriate. Oversee and ensure the administration of operational and regulatory risk strategy programs supporting multiple IT segments. Evaluate the adequacy and effectiveness of enterprise and regulatory controls and the resulting risk and control self-assessments. Deliver timely escalation of all issues requiring attention to senior management. Work with business segment management to ensure that the overall risk function is effectively supporting strategic goals. Collaborate with Audit/Corporate IT Risk/Segment CIO leadership teams to address issues with plausible action plans and target dates. Act as the central point for receipt and distribution of important risk information for the business segment. Develop and deliver periodic Risk updates to segment leadership teams. Ensure business segment adheres to corporate and business unit policies and procedures.
The Technology Risk Assessment Lead will work with business segment management to ensure that the overall risk function is effectively supporting strategic goals. Primary risk support will be for the Segment Chief Information Officers (CIOs) covering the Technology and Cybersecurity business segments.
Detailed Description
Perform Risk Assessments of IT systems in development by engaging with project/segment teams for high priority projects; Serve as the Risk voice.
Partner with project teams to communicate security and control requirements and provide both oversight and support to determine if these requirements are met through the development cycle, escalating concerns as necessary.
Partner with Technology Segment Risk Manager, Sr to build and maintain relationships with key stakeholders of the pre-deployment risk assurance program, including the Technology Segment Risk Officer (SRO), the broader Technology Risk team, the IT Project Management Office, Enterprise Architecture, Information Security, regulators and Internal Audit.
Develop and deliver periodic Risk updates to segment leadership teams via monthly segment Operational Reviews
Collaborate with Audit/Corporate IT Risk/Segment CIO Leadership teams to address issues with appropriate action plans and target dates that remediate root causes.
Participate in Technology Risk Committee and other oversight and governance groups as assigned.
The primary service of maintaining the universe of risk assessments across Cyber and Enterprise IT
Ensuring coverage alignment with FFIEC guidance
Aligning schedules with regulatory and audit calendars
Working with Delivery and Risk Partners to understand active work and progress against the schedule
Ensuring appropriate coverage of risk assessment domains over a defined time period.
Basic Qualifications Bachelor's degree
Min 5 years of experience in a Technology Risk position, primarily in a technology, cybersecurity or infrastructure environment
Preferred Qualifications
Problem Solving and Critical thinking
Strong Written and Verbal Communication skills
Ability to Identify root cause and proper solution
Strong research and analytical skills
Ability to multi-task and work in a fast pace environment, manage projects