The Sr Associate, Cybersecurity IT Risk Mgmt. is responsible for supporting the day-to-day operations of the APAC Infosec and Governance Oversight team and working with risk and control teams in other global sites to establish and maintain a highly effective IT control environment.
The role will report to the Senior Manager, Cybersecurity IT Risk Mgmt. and will be part of a dedicated and outstanding team that focuses on promoting control awareness and appropriately managing risks within the global information technology organization. The individual will also support the coordination of Cybersecurity program efforts across all the business units and countries in the region, and education on cybersecurity awareness, including audit engagement.
Responsibilities -
- Ensure compliance with technology-related regulatory / statutory requirements
- The individual should have demonstrated technical expertise in the broad skills of Cybersecurity, SSDLC, I&AM, Third Party Risk Management, Vulnerability Management, Cloud Services, Web Application Firewall, Program Management, Developing Metrics and Reporting, Infosec Governance and Risk Management, Access Controls, AppSec, Cryptography, Security Architecture and Compliance.
- Work closely with IT directors and Control Officers on IPTs, Controls automation and monitoring
- Coordinate both internal and external audit engagements, facilitate evidence gathering requirements, ongoing vetting of issues identified by Internal Audit with Control Owners including appropriate action plans and remediation / milestone dates
- Advise on how to apply and interpret standards and controls, considering threats, risks, trends across the organization, and compensating controls
- Support risk assessment activities serving as a subject matter expert on understanding the risk and providing support in elevating the risk treatment for approval.
- Support the Issue Management process (Audit | Regulatory | Self-identified). Review the management action plan proposed by the accountable/responsible technology owner. Challenge and provide advice on audit remediation plans. Facilitate discussion of Technology accountable audit issues at the Issue Remediation Council.
- Leverage automation and analytics to build a state-of-the-art control testing and continuous control monitoring platform.
- Manage execution of risk and control self-assessments, identification and evaluation of inherent risks, control strength and residual risks of key IT controls, and successful execution of the risk-based control testing program.
- Work with other leaders within Northern Trust's technology management and three lines of defense to assist in addressing control gaps in a timely manner, identifying potential opportunities for improvement, and advising on info security control designs for large complex programs (e.g., cloud, API, third-party vendor oversight, data governance). Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.
Knowledge and Skills -
- In-depth understanding and experience of information security, IT regulatory/statutory compliance, IT audit and/or IT risk management principles and infosec.
- In-depth understanding of IT risk assessments and control testing. Experience with GRC systems (e.g., ServiceNow) preferred.
- Experience in automation and data analytics preferred.
- Strong collaboration and relationship management skills.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Highly flexible and adaptable to change, technology forward thinking.
- A bachelor's degree in Engineering, Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.
- At least 6 - 8 or more years of technology risk management, Info security and control functions, audit services experience, or similar experience with transferable skills. Financial Services industry experience is a plus. Certification in IT Security viz CEH / CISA / CISSP / CISM preferred.