Role Overview:
The individual selected to fill this role will be responsible for driving technology governance and compliance initiatives, conducting comprehensive risk assessments, and handling third-party risk management (TPRM). The ideal candidate will have significant experience within the financial services sector, a strong understanding of regulatory technology risk requirements, and proficiency in automating processes, finding innovative solutions to complex problems, and adapting to new products and solutions.
This position will report to BAM's Security Operations Lead.
Strategic Responsibilities:
- Design and implement repeatable, efficient processes for GRC operations.
- Collaborate between technology and business teams to drive proper implementation of security controls and technology compliance requirements across the firm.
Tactical / Hands-On Responsibilities:
- Conduct compliance audits to ensure adherence to cybersecurity standards and regulations.
- Lead efforts in Third-Party Risk Management (TPRM), ensuring due diligence and alignment with firm risk appetite.
- Perform risk assessments of third-party partners and their platforms to identify potential security and compliance risks.
- Develop and maintain documentation on the firm’s technology governance, risk management, and compliance policies and procedures.
- Keep up with, and evaluate, new industry GRC trends to determine the firm’s best approach for dealing with emerging governance and compliance areas.
- Implement and monitor compliance against known frameworks and standards, such as NIST CSF and CIS benchmarks.
- Act as a subject-matter expert on relevant compliance and regulatory frameworks for technology and privacy (GDPR, CCPA, MAS TRM, EDSP etc.), and stay on top of industry best practices.
- Engage in risk management and update playbooks to align with current industry standards, regulatory changes, and best practices.
- Maintain a good working understanding of cloud security, application security, identity and access management, and vulnerability management.
Qualifications & Requirements:
- Bachelor's degree in cybersecurity, risk management, governance, computer science, or a related discipline.
- At least 5 years of experience in governance, risk management, and compliance within the financial services industry.
- Strong Third-Party Risk Management (TPRM) skills.
- Robust understanding of regulatory technology risk requirements across the US, Europe, and Asia.
- Strong understanding of frameworks and standards, such as SOC 2, NIST CSF, and CIS benchmarks.
- Able to communicate technical concepts between technical and non-technical stakeholders.
- Experience with conducting risk assessments, identification, treatment, and monitoring of risks.
Bonus Points For:
- Information Security certifications (CISSP, CRISC, CISA).
- Ability to build dashboards to monitor information security KPIs and KRIs.
- Automation and scripting abilities.
- Familiarity with public cloud (AWS/Azure) governance and relevant compliance frameworks.
Don’t have all of the skills listed above? Have extra skills you think are important that we haven’t thought of? Please, let us know by applying and telling us a bit more about yourself and why you think you’re qualified.