Information Technology Risk Management Officer
New York, NY 10017 US
This is a direct hire full-time role with a company that offers competitive compensation (130-145K+ bonus) in addition to a phenomenal benefits package.
In summary, within the Risk Management team you will focus on Risk Assessments of IT and Information Security applications and systems:
- Create detailed scope documents containing a reviews of IT processes and controls, including collection of evidence.
- Analyze processes and controls evidence against requirements.
- Consider and review existing self-identified issues and audit issues.
- Conclude with an inherent risk rating and residual risk rating, document all analysis and evaluations throughout the process, create a results report, and finally ensure that new self-identified issues are opened if gaps are identified.
- Complete an annual risk assessment, including sample control testing across the firm ensuring that:
- the risk assessments are focused on safeguarding customer information which identifies reasonable and foreseeable internal and external threats, the likelihood and potential damage of threats and the sufficiency of policies, procedures, and the security of related customer information.
- the risk assessments identify internet-based systems and high-risk transactions that warrant additional authentication controls.
- 5+ years of experience performing audits or risk assessments with strong IT risk assessment and/or audit experience.
- Experience as an IT internal auditor preferred but extensive IT Controls Risk Assessment experience is also acceptable.
- Extensive experience performing application and infrastructure layer control assessments.
- Strong knowledge and understanding of systems architecture, infrastructure, security, and applications.
- Ability to communicate IT risks assessment information to non-technical business leaders.
- Excellent writing skills required
- Certified Information Systems Auditor (CISA) is preferred.
- Completed Bachelor’s degree required.