Job

IT Risk Control Analyst

  • Location

    Unknown

  • Sector:

    Financial Services and Banking

  • Job type:

    Contract

  • Salary:

    competitive salary + Overtime Available

  • Contact:

    Georgiana Porter

  • Contact email:

    g.porter@hamlynwilliams.com

  • Salary high:

    0

  • Salary low:

    0

  • Published:

    16 days ago

  • Duration:

    12 months, ongoing

  • Expiry date:

    2020-09-23

  • Startdate:

    ASAP

Job Description

A foreign bank in midtown Manhattan is looking for an IT Risk and Controls Analyst for a long-term project of 12+ months. This position is remote for the time being. 

Responsibilities

  • Review existing documentation and artifacts, and determine if the information is sufficient for performing RCSAs or PSCTs 
  • Work with the IT process and platform owners to independently assess and clearly document key information risks and controls in standard operating procedures (SOPs) and process workflows
  • Act as a liaison between the technology and business teams to ensure MUSA process and programs meet CUSO policies and standards
  • Collaborate with internal and external stakeholders and share expertise
  • Work with the IT process owners to identify and document remediation plans to address potential unmitigated risks and/or control gaps (i.e., design of controls vs. operating effectiveness)
  • Draft, prepare and submit findings and present them to senior management
  • Be an IT SME 

Qualifications 

  • 5+ years of professional work experience in IT Risk / IT Audit
  • Technical knowledge of Operating Systems, Database Management Systems, and Networks, and a strong working knowledge of FFIEC, SOX, or other US requirements

  • Familiarity with best practices and standards, such as: NIST Cybersecurity Framework, FFIEC Handbooks, ISO27001:2013, ISO22301:2012, NFPA 1600, NIST 800-53, and NIST 800-61

  • Certification in CISA, CISM, CRISC, CISSP or equivalent is preferred