competitive salary + Overtime Available
3 months ago
12 months, ongoing
A foreign bank in midtown Manhattan is looking for an IT Risk and Controls Analyst for a long-term project of 12+ months. This position is remote for the time being.
- Review existing documentation and artifacts, and determine if the information is sufficient for performing RCSAs or PSCTs
- Work with the IT process and platform owners to independently assess and clearly document key information risks and controls in standard operating procedures (SOPs) and process workflows
- Act as a liaison between the technology and business teams to ensure MUSA process and programs meet CUSO policies and standards
- Collaborate with internal and external stakeholders and share expertise
- Work with the IT process owners to identify and document remediation plans to address potential unmitigated risks and/or control gaps (i.e., design of controls vs. operating effectiveness)
- Draft, prepare and submit findings and present them to senior management
- Be an IT SME
- 5+ years of professional work experience in IT Risk / IT Audit
- Technical knowledge of Operating Systems, Database Management Systems, and Networks, and a strong working knowledge of FFIEC, SOX, or other US requirements
- Familiarity with best practices and standards, such as: NIST Cybersecurity Framework, FFIEC Handbooks, ISO 27001:2013, ISO 22301:2012, NFPA 1600, NIST 800-53, and NIST 800-61
- Certification in CISA, CISM, CRISC, CISSP or equivalent is preferred