Tech Ops / Cyber Security Risk Manager
Our client is looking to hire a forward-thinking Risk Manager with a high level of expertise in Cyber and Technology Risk that will join the Operational Risk organization to manage the 2nd line of defense governance, processes, policies and tools.
This role is responsible to evaluate and provide an independent assurance over Cyber and Technology risk, maintain an active view, and report on the actual, mitigated, and residual Cyber, Technology and Data risk in the organization.
This role includes but not limited to risk assessments, life-cycle practices, incident assessment and response, assess the accuracy, completeness, and sufficiency of the processes, risks and controls and adherence to regulatory expectations.
This individual will manage a Team of risk specialists.
Coverage areas include:
IT Infrastructure support models, data management, capacity management, vendor management, business continuity and disaster recovery, and IT security alignment to IT Risk The individual will have the communication and relationship skills necessary to actively interact with C-Suite executives, Examiners (FRBNY, NYDFS), and Internal Audit Day to day includes but not limited to:
Assess the accuracy, completeness, and adequacy of the processes, risks and controls supporting the firm's applications, support models, release management, capacity management, oversight and governance Recommend enhancements to technology architectures, processes and controls to improve cyber and technology risk management capabilities for high-risk processes, regulatory reporting and risk oversight Identify legal, regulatory, and organizational policies and standards related to IT management systems to determine their potential impact on the business objectives Expand operational risk processes and data collection tools to track, report and assess operational risks and issues Review operational risk events and IT Incidents and perform a review and challenge on the adequacy of the remediation proposed by the 1st line of defense Participate in the cyber and technology incident response and escalation processes Develop Cyber and IT risk scenarios for stress testing and capital planning activities Must Have:
Previous work within Risk Management, Cyber Security and Technology Bachelor and/or Masters Degree in Computer Science, Engineering or relevant technical field Understanding of financial services specifically within risk and regulatory domains Strong foundation in information technology and information security principles Requires broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure Experience in assessing design and operating effectiveness of technology controls Data architectures including reference/master data, transactions/messaging, and unstructured content Operational risk framework components including risk event collection, RCSA, process/risk/controls, Issues Management, Scenario Analysis Experience leveraging IT risk frameworks such as:
COBIT5, COSO, ISO27001, NIST and/or data management frameworks i.
e.
, DCAM/CMM-DMM Professional credentials as CGEIT, CRISC CISSP, CISM, etc.
Expertise in financial regulations Hands-on experience with GRC platforms (i.
e.
, Archer), architectures, and tools Ability to perform root cause analysis and document remediation Strong leadership skills with ability to lead by influence Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences High degree of initiative, dependability, and ability to work with little supervision Nice to Have:
Knowledge of US IT Security regulatory requirements and environment in financial services industry a plus (i.
e.
FFIEC, FIRNA rules, SEC, NIST frameworks) Recommended Skills Auditing Business Continuity And Disaster Recovery Business Planning Capacity Management Cash Or Share Options Certified Information Security Manager Estimated Salary: $20 to $28 per hour based on qualifications.
This role is responsible to evaluate and provide an independent assurance over Cyber and Technology risk, maintain an active view, and report on the actual, mitigated, and residual Cyber, Technology and Data risk in the organization.
This role includes but not limited to risk assessments, life-cycle practices, incident assessment and response, assess the accuracy, completeness, and sufficiency of the processes, risks and controls and adherence to regulatory expectations.
This individual will manage a Team of risk specialists.
Coverage areas include:
IT Infrastructure support models, data management, capacity management, vendor management, business continuity and disaster recovery, and IT security alignment to IT Risk The individual will have the communication and relationship skills necessary to actively interact with C-Suite executives, Examiners (FRBNY, NYDFS), and Internal Audit Day to day includes but not limited to:
Assess the accuracy, completeness, and adequacy of the processes, risks and controls supporting the firm's applications, support models, release management, capacity management, oversight and governance Recommend enhancements to technology architectures, processes and controls to improve cyber and technology risk management capabilities for high-risk processes, regulatory reporting and risk oversight Identify legal, regulatory, and organizational policies and standards related to IT management systems to determine their potential impact on the business objectives Expand operational risk processes and data collection tools to track, report and assess operational risks and issues Review operational risk events and IT Incidents and perform a review and challenge on the adequacy of the remediation proposed by the 1st line of defense Participate in the cyber and technology incident response and escalation processes Develop Cyber and IT risk scenarios for stress testing and capital planning activities Must Have:
Previous work within Risk Management, Cyber Security and Technology Bachelor and/or Masters Degree in Computer Science, Engineering or relevant technical field Understanding of financial services specifically within risk and regulatory domains Strong foundation in information technology and information security principles Requires broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure Experience in assessing design and operating effectiveness of technology controls Data architectures including reference/master data, transactions/messaging, and unstructured content Operational risk framework components including risk event collection, RCSA, process/risk/controls, Issues Management, Scenario Analysis Experience leveraging IT risk frameworks such as:
COBIT5, COSO, ISO27001, NIST and/or data management frameworks i.
e.
, DCAM/CMM-DMM Professional credentials as CGEIT, CRISC CISSP, CISM, etc.
Expertise in financial regulations Hands-on experience with GRC platforms (i.
e.
, Archer), architectures, and tools Ability to perform root cause analysis and document remediation Strong leadership skills with ability to lead by influence Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences High degree of initiative, dependability, and ability to work with little supervision Nice to Have:
Knowledge of US IT Security regulatory requirements and environment in financial services industry a plus (i.
e.
FFIEC, FIRNA rules, SEC, NIST frameworks) Recommended Skills Auditing Business Continuity And Disaster Recovery Business Planning Capacity Management Cash Or Share Options Certified Information Security Manager Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
