Sr. Assoc, Tch Risk & Info Sec Professionals

• The Second Line of Defense (2LOD) Controls Testing partner will be an individual contributor who will work closely with peers, stakeholders, and their manager on the Second Line s Controls Testing program focused on Cyber , Technology, and Non-Technology Controls.

Responsibilities will include:

• Test, validate, and assert to Business and Application Owners the control testing methodology and test procedures, ensuring that all documentation is accurate and complete
• Perform 2LOD validation work, including plan preparation, maintenance of workpapers, identification of findings, and reporting results to risk committees
• Manage day-to-day risk issues related to the design and implementation of new controls, working with various teams to ensure proper execution
• Examine cyber and non-cyber risk controls, evaluate their design and operational effectiveness, determine exposure to risk, and partner with the business to develop remediation strategies
• Assess risk as a Second-Line governance role through the Risk and Control testing, Risk Identification, and Change Initiative Risk Assessment processes, as applicable
• Provide Second-Line risk and control testing findings to Risk Management leadership and risk committees, ensuring timely communication of identified issues
• Demonstrate understanding of the Three Lines of Defense governance model and apply it consistently throughout testing activities
• Effectively communicate operational and technical findings and control issues to executive and business leadership, using language relevant to and understandable by the business
• Apply strong risk assessment framework knowledge and experience to identify key risks and controls, performing thorough risk assessments
• Exhibit strong project management skills, adapting to change quickly, managing multiple tasks, and demonstrating flexibility in prioritization
• Maintain a strong working knowledge of banking/financial regulatory requirements to ensure appropriate levels of testing

Qualifications:

• 24 months as Technical Coordinator/Associate Consultant
• 5-8 years of IT Audit experience, including but not limited to Cyber Resilience, Cyber security, Risk Management, IT Risk and Control, and/or IT Audit
• CISSP, CISM, CISA, CRISC, or equivalent certifications highly preferred
• Strong working knowledge of inherent cyber risks in the financial services industry
• Cloud, MFA, password vaulting (e.g., Cyber Ark), and Secure SDLC experience
• Analytical and communication skills required to summarize and analyze complex information
• Organizational skills required to coordinate risk-related activities with peers and senior executives
• Advanced Microsoft Office 365 skills and familiarity with risk management/GRC platforms (e.g., ServiceNow, Fusion) to track, manage, and report control issues