Our client, a leading financial institution with massive real-time high-frequency transactions, is looking for an IT Security & Risk Associate to join their IT Security & Risk Governance Team. The selected candidate will be a key person in supporting their Security and Risk Management.
Responsibilities:
Manage the IT Security & Risk and Control Framework across the IT Organization.
Define IT Security & Risk standards and Control in response to the changing technology landscape and regulatory requirements.
Ensure the IT policy, processes, and procedures are well established and known across the organization.
Manage IT Security & Risk incidents including identifying the root cause, control options, recommendations, and resolutions.
Communicate with regulators and auditors, including on compliance assessments, security audits, etc.
Review IT outsourcing providers and perform regular security assessments on IT outsourcing services.
Manage IT Audits and ensure risk-impacting issues are addressed before the initiation of the audit.
Requirements:
Around 8 - 10 years of experience in the IT Security and Risk area, ideally in a 1.5 Line of Defense.
Experience with IT Security and risk management in a large-scale financial institution.
Experience in technology risk & control, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, governance and metrics, incident management, etc.
Solid understanding of internal control concepts with the ability to evaluate and determine the adequacy of controls by considering business and technology risks.
Familiar with industry risk frameworks including ISO27001, NIST, PCI.
Excellent communication skills in English.
Certificates in CGEIT, CRISC, CISA, and/or CISSP are a great plus.
Good knowledge of NIST Cybersecurity Framework, ITIL, CMMI, ITSM, COBIT, and PMBOK.
Bachelor's Degree in Computer Science, IT, or related discipline.