MATRIX has partnered with a premier client to fill a full-time employee REMOTE position. This is a great opportunity to expand your career, work with a well-known company, and look towards career growth.
Are you a senior-level Risk Management individual with a love for technology, asset management, and collaboration? Do you live, eat, and breathe Risk but also enjoy and have experience with process improvement across multiple areas, and are you savvy with information technology audits? Are you extremely collaborative and enjoy working with your teammates? Are you looking for your next long-term career opportunity? This position may be for you!!!
TITLE: Principal Technology Risk Management
This position is responsible for analyzing and managing technology risk by providing enterprise-wide oversight and governance for technology risk management activities within the Company. Assists with the execution of various risk frameworks across the organization by monitoring and reporting on risk activities and framework compliance for identifying, assessing and reporting on risk related activities. Responsible for effective challenge of the first line in the effective management of its related risks.
- Provides technology risk oversight and effective challenge (create, coordinate, evaluate & assess): policies, standards, processes and procedures.
- Key contributor to the annual review process to align various technology risk areas, including Architecture and Change Management, to the COBIT framework
- Ensures program compliance and executes risk mitigation activities. Leads the effective challenge of risk and mitigation plans
- Ability to provide effective leadership and subject matter expertise in Technology Risk topics to senior management, technology and business partners
- Ensures adherence to risk management frameworks
- Utilize available risk management tools to proactively identify potential risk exposures and partner with program offices to address potential weaknesses and/or gaps in a timely manner
- Provide quality assurance and effective challenge regarding risk reporting across various Technology Risk areas to senior leadership
- Monitors and tracks issues and reports
- Build and maintain collaborative relationships with Technology and Business partners, and peers
- Bachelor's Degree in Engineering, Statistics, Computer Science, Mathematics, Operations Research, or related field
- 4+ years of experience in:
  - Financial Services
  - Risk Management
- 3+ years of hands-on software development experience, having evolved into other areas such as Architecture, Change Management and/or DevSecOps
- Remediation, CI/CD experience
- Knowledge of Compliance (in terms of remediation aspects / writing or reviewing procedures / identifying deficiencies - non-traditional sense of compliance)
- In lieu of a degree, 8+ years of experience in Risk Management, Audit, or related field
- Working knowledge and deep understanding of Technology and its management lifecycle
- Act as an advisor or SME to discuss and make recommendations to the 1st line of defense
- Master's Degree in IT, Risk Management, Engineering, or related field
- Working experience in 2nd line Information Risk Management (Technology Risk, Information Security)
- CRISC, CGEIT, CISA, CISM, CISSP, or similar preferred. BSIMM (Building Security In Maturity Model)
- Working knowledge of Information Technology and risk constructs aligned to COBIT framework including but not limited to Enterprise Architecture, Cloud deployment models and associated security risks
- SME knowledge of technology risk programs and processes including, but not limited to, Audit reviews, Risk assessment and Incident Management
- Financial Institution and market knowledge of risk management best practices
- Technical knowledge of reference architecture, container orchestration, DevSecOps constructs including CI/CD pipeline and tools; sound understanding of networking topologies, security tools, and micro-services application architecture
- Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
- Systems Auditing - 3rd line of defense