IT and Operational Risk Management, Associate Director

Full Time
Job description

LOCATION: San Francisco, CA
TYPE: Direct Hire
ID: 777
POSTED: Feb 28, 2023

San Francisco, CA (2-3 days onsite/week)
Ref#777
A bank is seeking a risk-oriented Associate Director to join their ERM department, to help mature their IT Risk Management (“ITRM”) and Operational Risk Management (“ORM”) practices. The hired candidate will report to the Senior Director, IT and EUC Risk Management, as part of the ORM team. This role has a significant impact and influence in bank-wide strategic decision-making.
Responsibilities include:
  • Help mature and execute an IT and IS risk management framework.
  • Leverage ERM, ORM and ITRM frameworks and partner with IT and IS teams to further mature the second line of defense IT risk assessments, document controls, identify gaps, and create action plans for critical IT and IS processes, including validation and testing to ensure IT risk programs are implemented and executed appropriately.
  • Support the risk assessment process for IT and IS risks; make risk-tailored recommendations for remediation efforts and continuous monitoring through the creation of KRI/KPIs.
  • Complete risk assessments of critical technology implementations (e.g., Cloud Computing, hybrid infrastructure models, and Active Directory).
  • Establish collaborative relationships with key business owners.
  • Work with the Data Science team to help embed data-driven metrics and decisions within ERM.
  • Help assess enterprise and emerging risk issues, including assignment of risk ratings.
  • Perform transaction testing to evaluate the prudence of strategic planning, the effectiveness of risk management processes, and the quality of management information reporting practices.
Qualifications include:
  • Risk management certification - Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA).
  • 7+ years performing IT/IS/ORM risk assessments and control testing leveraging IT/IS Frameworks and Standards (e.g., FFIEC, NIST CSF, ISO, COBIT, ITIL).
  • Experience with ORM and ITRM frameworks.
  • Knowledge of IT risks associated with the System Development Lifecycle (SDLC), Development Operations (DevOps), Agile development processes, infrastructure, Security Operations/Engineering, BCM/CM, etc.
  • Experience leveraging GRC platforms.
  • Regulatory experience preferred.
New employees must be able to provide proof of vaccination on their first day of work. Compensation commensurate with experience. Must be authorized to work in the U.S. (citizen or permanent resident). Local candidates preferred.
Third party candidates will not be considered for this position. Applicants are considered for positions without regard to race, religion, gender, native origin, age, disability, or any other category protected by applicable federal, state, or local laws.
