We are looking for individuals who are experienced in conducting independent evaluations and assessments of risk and controls within a highly technical IT environment. Candidates need to be well versed and thoroughly experienced in IT infrastructure and Information Security. The work includes performing walkthroughs of risks and controls and producing documentation (detailed written descriptions of walkthroughs and process maps), with final output requiring minimal rework.
- Bachelor's Degree: Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics, or equivalent field
- 8+ years of Risk Management, Internal Controls, Auditing, Technology Risk in financial services and/or legal or regulatory experience
- Experience with SOX/PCAOB
- Experience reviewing and reporting using SSAE 16 SOC reports
- Advanced understanding of the regulatory environment and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators
- Foundational understanding of BSA/AML and OFAC regulations, regulatory expectations, and industry leading practices
- Knowledge of the financial services sector, particularly with the competitive dynamics and products in retail banking and risk management.
- Risk Certifications (e.g., CISA, CISM, CISSP)
- Probes for additional information, clarifies assumptions and confirms agreed-upon actions.
- Displays natural skepticism and curiosity to question the status quo and uncover issues.
- Adheres to a good root cause analysis process.
- Executes risk management process and procedures without management direction and demonstrates awareness of expected results.
- Has a foundational understanding of regulations impacting area supported.
- Follows through to meet commitments to others; takes responsibility for achieving strong results, despite balancing multiple complex demands.
- Stays current with industry and regulatory trends and emerging risk issues.
- Has foundational understanding of current market and competitive landscape that the organization operates within.
- Uses information and data effectively to support a position and present a rational case for stated risk.