The Cyber security and Technology controls Adoption Readiness Assessment team manages the planning and execution of technology platform assessments and ensures readiness and remediation across all applicable technology platforms at the bank. This role will perform testing of IT General and Application Controls, which requires liaising with various stakeholders -- including Technology management, Technology Risk & Controls, and external / internal auditors -- to help facilitate execution and reporting across the global technology and technology risk functions. Successful execution of responsibilities requires IT Audit experience and the ability to work with multiple stakeholders at all levels (e.g., Product Owners, Engineers, etc.).
Job Responsibilities:
- Assess and perform IT general control and application control testing; facilitate identification of findings, relevant compensating controls, remediation, validation, and closure of findings within defined timeframes
- Lead the execution of multiple controls adoption readiness assessments performed by various members of the team
- Evaluate the functionality of existing and new technology platforms to drive adherence to control standards
- Track and communicate overall progress of various programs, ensuring complete and timely reporting on program status to senior management stakeholders
- Identify and facilitate remediation of key risks impacting controls audits prior to initiation of external audit
- Work with internal and external stakeholders to understand and document various current-state control processes and process flows
- Examine results of internal / external audits for potential cross-impacts on other programs
- Promote development of educational guidance & resources for use by Technology Risk & Controls and Technology personnel
- Ensure quality standards are achieved in development and maintenance of program documentation
Required Qualifications, Capabilities, and Skills:
- Formal training and 7+ years of IT controls experience as a practitioner / lead with a “Big Four” or top IT consulting firm. Manager-level audit experience required
- Hands-on experience in performing audits of IT general controls (SOx / SOC 1 / SOC 2), including but not limited to: IT infrastructure layers such as OS (Linux, Unix, Windows) and databases (Oracle, MySQL, etc.)
- Strong capacity for interpreting architecture diagrams and understanding new technologies, both through workshops and independent research, in order to scope and identify areas of potential control bypass
- Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection
- Ability to identify and define key control risks and recommend solutions to increase the technology controls posture
- Ability to simultaneously lead multiple on-going assessments across different groups of stakeholders
- History of successfully leading teams and developing the skillsets of the individuals reporting into you
- Good presentation skills. Strong organizational, verbal and written -- including documentation and reporting -- communication skills
- Ability to lead meetings, problem-solve to identify solutions to issues, and deliver quality results in a deadline-driven environment. Ability to work effectively in a global team environment and drive results in a matrixed organization
Preferred Qualifications, Capabilities, and Skills:
- Hands-on experience with auditing:
  - Public/private Cloud technologies (Cloud Foundry, AWS, Azure, GCP, etc.)
  - Technology platforms (ServiceNow, Jenkins, SailPoint, etc.)