Senior Third Party Risk Management Analyst
Prestigious Enterprise Company is currently seeking a Lead IT Auditor.
The candidate will assist with the development, implementation and execution of an IT third party risk management program. The IT Risk Senior will report directly to the IT Third Party Risk Management Manager. Working closely with the teams that represent each IT Department, the Manager will manage teams that are responsible for the consistent and logical application of key components of the IT Risk Management Framework for the IT Division. This position requires that the applicant have a strong understanding of risk frameworks, operational risks, and the execution of risk management processes and governance within a large institution.
- Understanding how to develop and execute a Third Party IT Risk Management program.
- Understanding and managing Information and Technology risk associated with the operational processes for the IT division.
- Apply sound judgment in evaluating risks and controls; effectively challenge the business on the identification and acceptance of risks and the adequacy of controls.
- Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); identify and assess control effectiveness and/or gaps.
- Providing transparency of risk exposures through implementing sound reporting for risk-based decision making.
- Advise the IT customers on means and methods to drive remediation of risk related issues and operational events.
- Provide mentorship to team of risk professionals.
- Reporting of IT risk metrics and data.
- Extensive experience working with SOX, practical experience in internal/external audits, and risk management methods and techniques for the assessment and management of risk.
- Bachelor's Degree or equivalent work experience.
- Ability to operate as a self-motivated, proactive, and results-driven problem solver with excellent analytical and communication skills.
- Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles.
- Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.
- CISA, CPA, CIA, PMP, CISSP or other relevant professional certification
- Financial Services experience
- IT Risk management experience
- Knowledge and skills across:
  - ISACA Risk IT framework
  - ISACA COBIT 5.0
  - ISO 31000-series and 27000-series, 13335