Senior Control Management Specialist
Mandatory skills: Risk Assessment, IT / Information Security Risk Management experience, Communication, and a risk certification (CISA, CRISC, CISM)
In this role, you will:
- Participate in identifying, assessing, managing, and mitigating current and emerging risk exposures within the Control Management functional area for the targeted Technology Division.
- Provide risk management consulting to support the business in designing and implementing risk mitigation strategies, business processes, and business controls.
- Perform Control design and governance activities for Technology processes and on high-risk initiatives and partner with stakeholders to develop and implement control improvements to mature the technology risk and control framework across Technology and the firm.
- Monitor moderately complex business specific programs and provide risk management consulting to support the business in designing and implementing risk mitigation strategies.
- Understand and define KRIs, and track and prepare monthly reports presenting the status to business leaders, with appropriate remediating action if any is required.
- Analyze problem incidents and root causes to identify structural issues and present them to the business for remediation.
- Monitor, measure, evaluate, and report on the impact of decisions and controls to the relevant business group or functional area.
- Collaborate with the relevant business group to identify current and emerging risks associated with business activities and operations.
- Partner with the second and third lines of defense to inform, educate, and collaborate.
Required Qualifications:
- 6+ years of experience in Risk Management, Control Management, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
- Bachelor's Degree or equivalent; regulatory experience is a plus.
- Ability to develop, design and write technology controls aiming to reduce risk.
- Good understanding of IT security architecture and IT/IS controls.
- Understanding of COBIT, NIST, regulations, etc.
- Understanding of Business Continuity and Disaster Recovery.
- Strong risk and control fundamentals, knowledge of frameworks and methodologies, common implementation challenges.
- Experience in evaluating the adequacy and effectiveness of policies, procedures and controls.
- Experience in assessing risk, writing issues, and developing appropriate corrective actions.
- Demonstrated experience with both strategic and tactical approaches to risk management.
- Professional certifications such as CSCP, CRCM, CGEIT, CRISC, CITP, CISA, CISSP, CIA are a plus.
- Analyzing current risks in IT processes and identifying potential controls that can handle those risks.
- Development and/or evaluation of technology governance programs, policies, standards and procedures.
- Ability to interact with all levels of an organization.
- Strong communication skills, both written and oral; able to broker agreements amongst diverse, differing, competing, and/or conflicting perspectives/priorities.