This role is instrumental in the management and mitigation of information security risks within the organization, with a focus on ensuring compliance with established security frameworks. As a valuable member of our IT Control & Assurance team, you will play a pivotal role in coordinating and facilitating internal and external IT audits, while also contributing to the enhancement of our security posture. This role involves collaboration with cross-functional teams and counterparts globally to drive continuous improvements in information security practices.
Key Responsibilities
- Oversee and maintain a robust risk control framework aligned with our Information Security Governance Plan, encompassing relevant control frameworks such as COBIT and other industry standards.
- Collaborate as a key liaison for internal and external audit activities, meticulously collecting and presenting operational evidence, and guiding the execution and closure of audit action items.
- Engage with the Information Security Center of Excellence and the Second Line of Defense to address critical issues and contribute to strategic projects.
- Perform comprehensive risk assessments, analyze data, and present findings to management, offering insights and recommendations for risk mitigation.
- Champion the reporting of security enhancement requirements and provide advisory input on the evolution of standards and procedures.
- Evaluate and refine Information Security procedures while offering implementable suggestions.
- Extend First Line of Defense IT Risk counsel within the IT Control & Assurance team, including collaboration on Client and Third Party inquiries.
- Foster productive collaboration with global IT teams, participating in initiatives, projects, and operational tasks.
Qualifications
- Bachelor's degree or equivalent experience
- Minimum of 3 years of hands-on experience in IT Risk management, including exposure to internal and external audits
- Preferred certifications: CISM, CISA, CISSP, CRISC, or CGEIT
- Previous experience in regulated, financial, or IT industries is advantageous
- Proficiency in NIST, COBIT, and ITIL frameworks; substantial familiarity with NIST is highly desirable
- Sound understanding of the Audit Lifecycle
- Familiarity with Information Security best practices, especially in the financial services sector
- Knowledgeable about IT systems, processes, and regulatory requirements
- Exceptional written and verbal communication abilities, capable of engaging stakeholders across all levels of the organization
- Meticulous attention to detail and adeptness in documentation
- Proficiency in the Microsoft Office suite
- Experience with Atlassian Products (Jira, Confluence) and ServiceNow is a plus