IT Risk Manager

Description

• Performs activities to help with the buildout of the Controls Assurance methodology and framework specific to Control Assessments (design), Sample Based Control Testing (operational), and Controls Monitoring.
• Performs basic to complex IT Control Assessments including sample-based controls testing and technology reviews to ensure compliance with internal policies, security standards and regulatory requirements.
• Conducts accurate evaluations of the level of security required for complex systems and applications.
• Implement controls monitoring activities around Technology Controls identified during assessments.
• Builds out and implements reporting associated with Controls Assurance activities.
• Collaborate with user community to understand their risk, control, and compliance needs. May implement procedures to meet user needs.
• Acts as a subject matter expert to ensure that the user community understands and adheres to necessary controls within their environment to reduce risk.
• May perform root cause analysis of moderately complex to complex issues and determines the best course of action to remedy the problem.
• Performs operational monitoring activities including building out of monitoring activities and performing the monitoring execution.
• Supports additional Controls Assurance Activities.

Responsibilities

• • 8+ Years within an IT Risk or IT Audit role.
• • Excellent aptitude for IT Risk & Compliance concepts and methodologies with a focus on Control Assessments (design), Sample Based Control Testing (operational), and Controls Monitoring.
• • Must have strong Technology Audit experience.
• • Experience implementing a Controls Assurance framework including Control Assessments (design), Sample Based Control Testing (operational), and Controls Monitoring.
• • Must have solid ability to identify and assesses the severity and potential impact of control findings to risk owners in a way that consistently drives objective.
• • Advanced knowledge and understanding of information technology industry trends and emerging technologies and an ability to relate them to the company and its objectives.
• • Advanced knowledge of IT policies, laws, standards, and frameworks applicable to Controls Assurance specific to Control Assessments (design), Sample Based Control Testing (operational), and Controls Monitoring.
• • Knowledge of compliance frameworks including Sarbanes–Oxley (SOX)
• • Familiarity with different audit and governance frameworks (NIST, ISO, CIS Controls, etc.)
• • Experience working with GRC tools specifically ServiceNow IRM.
• • Solid working knowledge with MS Office.
• • Knowledge of how to use automated tools for data analytics and monitoring.
• • Knowledge of building out management reporting using several types of technology including PowerBI.