Technology Risk Assessor

Description

Overview
The Enterprise Infrastructure Technology Risk Management team is looking for a Technology Risk Assessor. This position will focus on control, audit, and compliance oversight, all of which are critical to mitigate risk across EIs core services and transformation efforts. This individual will provide advanced technical assistance on risk related systems issues and serves as business unit liaison for technology risk management program. This role will include driving assessment of emerging and existing technology risk, risk oversight and assessment of adherence to technology Policy & Standards, and proactive risk mitigation.
Primary Responsibilities Providing advice, guidance and IT risk program management Assessing the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation Determining appropriate KPIs/KRIs for IT risk monitoring Ensuring that associates are trained and knowledgeable about information technology controls Tracking action steps and ensuring that findings are remediated appropriately and in a timely manner Conducting proactive readiness reviews over large information technology development projects ensuring appropriate systems development lifecycle methodologies are being applied and followed Build and maintain collaborative working relationships with Information Technology and Business personnel to design and assist in the execution of appropriate controls design and monitoring Influence information technology leaders leveraging a proactive approach and processes in the effective review and management of controls to mitigate risk Skills and Knowledge 5+ years of experience in technology, technology risk / information security disciplines Prior Risk administration experience Proven ability and desire to work within a teamenvironment, and with field leadership to assess current state, and make adjustments/improvements to practices and policies as needed Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network, resiliency, etc.) Expertise in Technology Controls / Policies & Standards (e.g., NIST, ISO 27001, ISO 20000) would be ideal but not required Prior audit management experience (internal & external (e.g., SOC,SOX) would be ideal but not required Knowledge of information technology processes and controls and a comprehensive understanding of risk and quality control and assurance functions Strong process orientation and understanding of operations and technology enabling candidate to provide proactive support in the analysis, development and monitoring of controls