TRCR Professional

Key Responsibilities

1. IT Risk Management

   :

• Organize, conduct, and perform

  technology and information security risk assessments

  to identify and evaluate risks in technology delivery areas and staff functions.
• Assist

  management

  in developing and implementing

  risk mitigation plans

  .
• Monitor compliance with the firm's

  IT security standards

  ,

  policies

  , and

  architecture

  .
• Collaborate with functional and technology teams to ensure regulatory compliances.
• Front-end interactions with internal and external

  auditors

  and

  regulators

  .
• Prepare

  monthly management summaries

  on

  end-user risk

  ,

  vendor risk

  ,

  technology infrastructure hygiene

  ,

  technology resiliency

  , and

  regulatory compliance

  status.
• Conduct

  monthly/quarterly risk meetings

  and

  periodic audit awareness sessions

  to drive

  risk awareness

  across teams.

1. IT Audit Management

   :

• Act as the liaison for

  internal management

  ,

  internal auditors

  , and business associates.
• Recommend revisions to

  audit procedures

  to enhance efficiencies.
• Review and analyze

  internal controls

  to evaluate their adequacy and recommend improvements.
• Perform walkthroughs and testing procedures, document testing results, and communicate findings to

  process owners

  .
• Evaluate the timeliness of management's response to audit recommendations and corrective actions taken.
• Conduct periodic reviews and assessments of control structures.

1. Skills & Competencies

   :

• Strong understanding of

  IT Risk Management

  and

  Audit Management processes

  .
• Ability to evaluate

  business processes

  and

  IT technology

  , identify risks, and evaluate controls.

• Clear oral and written communication skills

  for reporting and presenting findings.
• Good

  investigative

  and

  analytical skills

  for identifying and mitigating risks.
• Ability to work well in

  team environments

  and participate in department projects.
• Capacity to balance

  detailed analysis

  with overarching

  departmental goals and objectives

  .
• Expertise in conducting

  Security Health Checks

  integrated with

  ISF Benchmark

  using

  QIRAM

  (Quantitative Information Risk Assessment Methodology).
• Ability to manage multiple tasks/projects simultaneously, balancing priorities and deliverables.

1. Certifications & Experience

   :

• Desirable certifications:

  CRISC

  ,

  CISA

  , or equivalent.
• Proven experience in

  IT risk management

  and

  IT audit procedures

  .