OVERVIEW
The IT Security Risk & Assessment Manager's primary responsibility is executing IT/IS workplans aligned to regulations and frameworks. This role is key to identifying common and non-common processes, performing control testing on behalf of the CISO, helping shadow IT adopt common controls, and helping control owners understand how to self-test controls and maintain evidence. The person should be experienced in using GRC software to support implementation and to help ensure the development of a single, internally aligned testing approach shared by the 2nd and 3rd lines.
RESPONSIBILITIES
• Willingness to become an expert in the operations being supported.
• Identify opportunities for supporting and optimizing business processes and system implementations to achieve business goals.
• Work with stakeholders to understand business requirements and communicate the necessity and benefit of control standardization and testing.
• Perform business process and control assessments and convey risk reduction to leadership and stakeholders.
• Build long-term, trust-based relationships with stakeholders, vendors, and internal shared services.
• Ensure adherence to IT security policies and procedures, safeguarding company data and systems from unauthorized access and breaches.
• Maintain close partnerships with the 3rd line to maximize support for Internal Audit initiatives.
• Develop and maintain budget, project, and reporting documentation as necessary to ensure timely and effective communication of real-time status through presentations and reporting.
• Must be comfortable managing several initiatives at a time.
QUALIFICATIONS
• Bachelor's Degree in Business Administration, Finance/Accounting, Information Technology, Engineering, or similar preferred.
• 3-5 years of Audit & Risk experience at a Big 4 or similar firm (ALIGN, Coalfire, etc.).
• Working knowledge of executing IT/IS workplans aligned to regulations and frameworks.
• Strong working knowledge of industry frameworks and regulations such as NIST SP 800-53, GLBA, NYDFS, SOX, ISO 27001, and the Secure Controls Framework, with experience mapping and implementing controls derived from the control inventory.
• Working knowledge of Business Process Audits, Control Ownership and Lifecycle considerations.
• Excellent interpersonal and communication skills, ability to problem solve and liaise with departmental staff and senior management.
• Demonstrable experience in developing and testing controls based on widely adopted industry frameworks.
• Experience in highly regulated environments, preferably Financial Services or similar.
• Working experience with GRC solutions. Auditboard highly preferred.
CERTIFICATIONS, LICENSES, AND/OR REGISTRATION
• Risk and Audit certifications: CRISC, CISA or other relevant certifications preferred.
• Project Management certifications: PMP preferred.
LOCATION & COMPENSATION
• This is a fully remote position and can be based anywhere in the US.
• Base compensation is expected to be $XXk with the opportunity for incentive compensation including bonus compensation.
PHYSICAL DEMANDS AND WORK ENVIRONMENT
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus.
EEOC
Bayview is an Equal Employment Opportunity employer. All aspects of consideration for employment and employment with the Company are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.