New York City, NY (remote)
5 months ago
Our client, a financial services company based in New York City, NY, is seeking an IT Risk & Control Officer (AVP) to join their team on a full-time basis. Hamlyn Williams have been enlisted to identify suitable candidates for an immediate start.
As an IT Risk & Control Officer you will be analyzing security, threats, risks and exposures, determining the causes of security deviations and suggesting procedures to halt future incidents and improve security.
You will collaborate cross-functionally in business and system requirements analysis. You will develop techniques and procedures for conducting and reporting IS and cyber security analysis, risk assessments, and compliance audits; for evaluating and testing hardware, firmware and software for possible impact on system security; and for investigating and resolving security incidents such as intrusions, fraud, attacks or leaks.
- Perform independent risk-based assessment and testing of key information risk-related controls, including documenting and reviewing the design of controls, reviewing the effectiveness and results of testing, and conducting sample-based testing of control effectiveness based on testing methodologies.
- Develop test scripts and cases for controls testing, and prepare detailed workpapers.
- Prepare reports on test activities, goals, audit plan/walk-throughs, scheduling, execution, results, analysis, mitigating factors, conclusions, and recommendations.
- Work with internal teams and third parties to identify and document remediation plans addressing gaps in security (i.e., control design vs. effectiveness).
- Draft, prepare and submit RCSA findings and present them to senior management.
- Act as an IT subject matter expert to ensure alignment with best practices.
- Collaborate with internal and external stakeholders by sharing expertise, and providing accurate and timely information.
- Promote ongoing security and integrity within the Firm.
- Bachelor’s degree in Computer Science, Management of Information Services or similar
- 4-5+ years’ professional experience within IT Risk, IT Audit
- Technical knowledge of Operating Systems, Database Management Systems, and Networks
- Strong working knowledge of FFIEC, SOX, or other US regulatory guidance and requirements
- Familiarity with best practices and standards, such as: NIST Cybersecurity Framework, FFIEC Handbooks, ISO27001:2013, ISO22301:2012, NFPA 1600, NIST 800-53, and NIST 800-61.
- Experience with customizing SharePoint, Jira, Confluence, OpenPages and Archer is a plus
- Industry certification in one of the following: CISA, CISM, CRISC, CISSP or equivalent
Our client is able to offer market-leading packages to qualified hires with amazing benefits including competitive benefits & profit-sharing.
At this stage only US Citizens / Permanent Residents / Green Card holders are being considered. Candidates willing to relocate are also being considered.
This company has excellent infrastructure in place, so, given the COVID climate, it will be conducting all phases of the interview process remotely (including onboarding).
Please share your most recent resume & availability to firstname.lastname@example.org for consideration.