IT Risk Compliance, Director

Full Time
San Francisco, CA
Posted: Feb 28, 2023

San Francisco, CA (2-3 days onsite/week)
Ref#778
A bank is seeking a Director of IT Risk Compliance to be responsible for their operational and technology risk management related activities. They will ensure risk inherent to technology systems is managed per the bank’s risk appetite and business goals, identify potential risks, develop and help implement strategies and remediation activities to treat, reduce or manage those risks. Within Information Security, they will work as an individual contributor reporting to the Senior Director, IT Risk and Compliance (ITRC), and work closely with Information Technology (IT) and Information Security (IS).
Responsibilities include:
  • Perform risk assessments using a risk-based approach developed/approved by ITRC.
  • Monitor the technology incident response process to ensure the root cause is determined and that controls and activities are implemented to reduce the probability of recurrence.
  • Provide monitoring over control gaps and other potential program maturity deficiencies.
  • Complete, review, and validate control assessments, including control testing for design and efficacy, gap analysis, and identification of compensating controls.
  • Provide support for annual SOX activities.
  • Assist in management of technology remediation processes (tracking, resolution of findings, other control related activities).
  • Ensure that the design of remediation solutions appropriately mitigates the identified risk.
  • Liaise with Internal IT Audit, Enterprise Risk, IT and IS stakeholders, and external IT audit team.
  • Adopt and support the ITRC Policy, Framework, and Program.
  • Act as a Change Agent for risk awareness across the bank.
  • Partner with IT and IS stakeholders to draft management reporting.
Qualifications include:
  • 7+ years of progressively responsible experience in technology risk or IT audit.
  • Experience with technology frameworks (CSA CCM, COBIT, NIST, ITIL, et al.).
  • Advanced knowledge of operational and technology risk management.
  • Experience with a Governance, Risk and Compliance (GRC) tool, preferably ServiceNow.
  • Must have experience in a highly regulated industry.
  • Must be proficient with Microsoft Office.
  • Experience documenting cloud computing control gaps and recommending process improvements.
New employees must be able to provide proof of vaccination on their first day of work. Compensation commensurate with experience. Must be authorized to work in the U.S. (citizen or permanent resident). Local candidates preferred.
Third party candidates will not be considered for this position. Applicants are considered for positions without regard to race, religion, gender, native origin, age, disability, or any other category protected by applicable federal, state, or local laws.
