Join our dynamic team to navigate complex risk landscapes and fortify technology governance, making a pivotal impact in our firm's robust risk strategy.
As a Tech Risk & Controls Senior Associate in Enterprise Technology Identity & Access Management, you will contribute to the successful management of technology-aligned aspects of Governance, Risk, and Compliance in line with the firm's standards. Leverage your broad knowledge in risk management principles and practices to assess and monitor risks and implement effective controls. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm’s risk posture. Through collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards.
Job responsibilities
Understand and respond to Requests for Information (RFI's) for Identity Access Management audits and regulatory exams, performing final review of submitted evidenceAssist in coordinating teams, collection and review of current documentation and ability to quickly understand and proof documentation regarding complex business processesAct as an SME in regard to related high level design documents relating to the controls executed by individual IAM teams for delivery to Internal and External audit teamsWork across multiple stakeholder groups at various levels and efficiently document / track RFI engagement and actions.Partner with the Identity and Access Management global teams to understand SOC1 & SOX changes and their impacts to the control environmentMaintain ownership and up to date reporting of the audit/regulatory deliverables in scopeIdentify and assist with implementing process improvement points throughout the Audit/Control teams RFI lifecycle – intake, workflow, reporting and trackingUnderstand and evaluate product level CORE Processes, associated Risks and their compensating ControlsCreate new or edit a wide variety of user process documents including operation process flows, Power Point training decks, and quick reference aides relating to functions within the Audit/Control Team specifically
Required qualifications, capabilities, and skills
3+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk identification, assessment, and mitigationStrong understanding of IT risk management frameworks and information security controlsProficient in Identity Access Management controls, principles, and regulatory obligationsExperience in infrastructure projects, operations systems, and data analyticsSkilled in generating executive-level reports and presentations; comfortable presenting to auditors and senior leadershipExcellent multitasking and prioritizing skills, capable of managing multiple complex projects simultaneouslyStrong oral and written communication skills, able to present audit information and findings effectivelyDetail-oriented and organized, with the ability to produce quality documentation under tight deadlinesMotivated self-starter with a strong sense of urgency and genuine interest in continuous learning and growthHighly proficient in MS Office Suite, including Excel, Word, Project, PowerPoint, and VisioAbility to work independently with minimal supervision and effectively in a team-oriented environment
Preferred qualifications, capabilities, and skills
CISM, CRISC, CISSP, or other industry-recognized risk certificationsExperience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice/standards (e.g., ITIL, NIST, ISO, PCI, SOC)Collaboration with internal and external technology audits (3rd Line of Defense), Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts