Title: IT Risk Assessment (Lead)
Location: Columbus, Ohio (Hybrid) 3 days onsite and 2 days remote
Hybrid Position/- Teams Interview
Job descriptions:
The Technology Risk Assessment Lead will be responsible for operational and risk strategy programs within the segment responsible for first line of defense. Development of a Risk Universe for the segment will be a primary objective of the role. Elements of the Risk Universe Framework will include a procedure for performing targeted risk assessments which could include direct self-monitoring and proactive testing, evaluating effectiveness of controls with escalation as appropriate, and repeatable templates.
The ideal candidate will also oversee and ensure the administration of operational and regulatory risk strategy programs along with updates emerging from new and revised compliance frameworks. Responsibilities will also include working with business segment management to ensure that the overall risk function is effectively supporting strategic goals. Lastly, the candidate will develop and deliver periodic Risk updates to segment leadership teams including programmatic updates to the Risk Universe, internal and external risk trends, and compliance framework updates.
Primary risk support will be for the Segment Chief Information Officers (CIOs) covering the Technology and Cybersecurity business segments.
Detailed Description:
- Perform Risk Assessments of IT systems in development by engaging with project/segment teams for high priority projects; Serve as the Risk voice.
- Partner with project teams to communicate security and control requirements and provide both oversight and support to determine if these requirements are met through the development cycle, escalating concerns as necessary.
- Partner with Technology Segment Risk Manager, Sr and Director to build and maintain relationships with key stakeholders of the pre-deployment risk assurance program, including the Technology Segment Risk Officer (SRO), the broader Technology Risk team, the IT Project Management Office, Enterprise Architecture, Information Security, regulators and Internal Audit.
- Develop and deliver periodic Risk updates to segment leadership teams monthly
- Participate in oversight and governance groups as assigned.
- The primary service of maintaining the Risk Universe across Cyber and Enterprise IT
- Ensuring coverage alignment with FFIEC guidance
- Aligning schedules with regulatory and audit calendars
- Working with Delivery and Risk Partners to understand active work and progress against the schedule
- Ensuring appropriate coverage of risk assessment domains over a defined time period.
Basic Qualifications:
- Bachelor’s degree
- Minimum 5 years of experience in a Technology Risk position, primarily in a technology, cybersecurity or infrastructure environment
Preferred Qualifications:
- Problem Solving and Critical thinking
- Strong Written and Verbal Communication skills
- Ability to Identify root cause and proper solution
- Strong research and analytical skills
- Ability to multi-task and work in a fast-paced environment, manage projects
- Familiar with SLDC process and project management
- Proficient in MS Office
- CISA, CISSP, or CRISC preferred
You can reach me at akilesht@devcare.com