Sr Information Security Risk Analyst

04 Mar 2025

Vacancy expired!

Position:

Sr Information Security Risk Analyst

Location: Jersey City, NJ 07302

Duration: Fulltime (Direct hire)

Hybrid schedule: 3 days onsite 2 days WFH

can only apply

Description:
  • Execute day-to-day activities required to support the development of the Technology Risk Oversight ("TRO") program. Ability to blend and utilize their organizational, technical, business, and cyber security skill-sets.
  • Participate in projects and initiatives to bring a pro-active technology risk management focus by utilizing industry best practices.
  • Develop a technology risk methodology for ranking the Bank's assets according to business impact (i.e., hardware, software, associated data and supporting capabilities).
  • Maintain an up-to-date understanding of internal and external emerging risks; identify potential threats and vulnerabilities to the Bank's assets to assist in the evaluation of technology risk.
  • Provide advice on how to meet technology focused regulatory obligations and assess the impact of proposed regulations through the evaluation of regulatory developments as well as implementation of required controls.
  • Collaborate with IT to perform Maturity Assessments for the Bank's technology risk drivers (e.g., Information Security, IT Strategy, Project Management, etc.) and identify improvement opportunities.
  • Maintain an up-to-date understanding of new technology trends; help assess if and how these apply and provide value to the Bank while keeping aligned to the Bank's risk tolerance.
  • Work with technology and business teams to develop and document IT risk scenarios, related risk analysis, along with risk responses to manage technology risk within their areas.
  • Investigate and evaluate technology related operational incidents. This includes assessing the breakdowns and identifying opportunities for internal control improvement.
  • Build and analyze the IT Risk Register, Controls Inventory, and Response Register.
  • Work on special and/or ad-hoc projects as assigned via the Technology Risk Working Group of the Operational Risk Committee (e.g., Governance standards on Asset Management, etc.).

Skills:
  • Must have solid understanding of IT risk management concepts and practices;
  • Must have solid understanding of common risk and information security management frameworks and/or programs such as COBIT 2019, NIST, FIPS 199, CIS, ISO/IEC 27001, FedRAMP, FFIEC;
  • Proficient understanding of cyber security, technology operations (i.e., client server, LAN, UNIX, Windows, DB2, Oracle, SQL, VMWare, firewalls, cloud computing);
  • Expert industry and technical awareness to identify technology opportunities and align these to the business needs.

Experience:
  • Minimum 6+ years' experience which may include a combination of IT security, infrastructure, cloud, architecture, data, IT risk/compliance, or IT governance.
  • Past participation in either initial certification and/or renewal of ISO/IEC 27001, SOC 2/SSAE18, etc.
  • Operating/securing/assessing one of the following areas such as network security, identity access management, vulnerability management, cloud security, penetration testing, or encryption management.
  • Working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
  • Various IT focused security risk assessments or technical assessments (e.g. related to cloud, network, systems, infrastructure, mobile, and web projects/initiatives).
  • Analyzing complex technical systems and the business processes they support; synthesizing the corresponding risks and controls and recommending security solutions and remediation.
  • Analyzing data from various sources to identify trends, emerging risks and key insights.
  • Defining, developing, implementing, and monitoring KRIs and KPIs.
  • Performing IT audits and/or IT SOX reviews.
  • Coordinating with risk or audit on IT focused audits or risk assurance projects.

Education:
  • Bachelor's Degree in Information Systems, Computer Science or related field preferred. Post graduate degree plus or equivalent work experience.
  • Related security, technical, and/or risk professional certifications desired (e.g., CRISC, CISA, CISM, CGEIT, CSX-P, CCSK v4, CISSP, SANS, AWS, etc.).

  • ID: #49398260
  • State: New Jersey Jerseycity 07302 Jerseycity USA
  • City: Jerseycity
  • Salary: $130,000 - $140,000
  • Job type: Permanent
  • Showed: 2023-03-04
  • Deadline: 2023-05-02
  • Category: Et cetera