The IT Risk Manager is an individual contributor role reporting to the Sr. IT Risk Manager in the Global Services Governance team, located in either Santa Clara, CA, Tempe, AZ or Salt Lake City, UT.
Required Qualifications:
5 years of IT audit and/or IT risk management experience at a Big 4 firm, a financial services company or other regulated organization
3 years of hands-on experience with SOX audit and experience in performing tests of design and effectiveness over IT controls. Ability to effectively complete test work papers, collect supporting evidence from different stakeholders and share the testing results with control owners to work on defining action plans to remediate the gaps.
Capability to work on multiple tasks simultaneously with minimal direction in a fast-paced environment
Proactive, strong interpersonal skills
Proficient in Microsoft Excel and PowerPoint
Familiarity with IT risk and compliance activities and general understanding of industry frameworks (such as COBIT, ITIL), and technology (Oracle, Windows)
Preferred / Is a Plus Qualifications:
One or more professional certifications highly desirable, such as CGEIT, CISA, CISM, CISSP, CRISC
Experience with using or implementing GRC tools
Working knowledge of (or willingness to learn) key regulations within the risk management and financial services industry, such as FFIEC, GLBA, GDPR, PCI
Core Responsibilities: Identify, assess, mitigate and monitor/report technology risks via:
Conducting IT risk self-assessments and performing IT control self-testing to identify gaps and deficiencies
Providing support to technology teams with internal/external audits and advising them on management action plans to remediate the deficiencies
Verifying appropriate remediation measures are taken and effectively completed
Interpreting regulatory requirements into actionable internal IT controls and validating compliance with these requirements
Owning IT's Risk Register and Control Library
Tracking and reporting the status of management action plans for the deficiencies identified through IT risk self-assessments, control self-testing, security assessments, and internal / external audits
Building effective relationships with IT teams and collaborating with external stakeholders in the Security Office, Internal Audit, Enterprise Risk Management, Corporate Compliance, Regulatory Relations and business units