IT Risk Resume Samples

4.6 (116 votes) for IT Risk Resume Samples

The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the it risk job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits for each job you apply

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

Resume Builder
CHOOSE THE BEST TEMPLATE - Choose from 15 Leading Templates. No need to think about design details.
USE PRE-WRITTEN BULLET POINTS - Select from thousands of pre-written bullet points.
SAVE YOUR DOCUMENTS IN PDF FILES - Instantly download in PDF format or share a custom link.

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

Create a Resume in Minutes
BG
B Gusikowski
Brooklyn
Gusikowski
6038 Kreiger Underpass
Philadelphia
PA
+1 (555) 366 4389
6038 Kreiger Underpass
Philadelphia
PA
Phone
p +1 (555) 366 4389
Experience Experience
New York, NY
Senior.group Mgr, IT Risk Mgmnt
New York, NY
Kuhn, Morar and Olson
New York, NY
Senior.group Mgr, IT Risk Mgmnt
  • Conduct training/workshops to ensure that stakeholders understand and contribute to the risk management process
  • Conduct and lead a technology root cause analysis program and drive improvement resulting from the findings
  • Establish risk control processes and procedures
  • Collaborate with senior business risk managers and key stakeholders to validate technology’s portion of their risk appetite
  • Create a financial services industry-leading automated control testing solution
  • Develop an IT risk reduction and awareness program
  • Develop technology risk response action plans used to mitigate risk factors identified during risk assessments
Philadelphia, PA
Director, IT Risk Domains
Philadelphia, PA
Bradtke-Rogahn
Philadelphia, PA
Director, IT Risk Domains
  • Provide focus and clarity in establishing individual goals, driving performance management, supporting career development and rewarding strong performance
  • Demonstrate a collaborative work ethic and enterprise-wide mindset in the performance of duties
  • Manage scenario analysis across the domains
  • Oversee the development of domain measurement and monitoring policies and practices
  • Leverage the value in unit, department, and enterprise-wide teams to develop better solutions and achieve optimal enterprise-wide results
  • Provide advice on escalated IT risk policy and risk mitigation issues
  • Accept and successfully execute change while supporting employees through the process, and keeping them focused on business priorities
present
Chicago, IL
Director IT Risk, &TS, Europe & Asia
Chicago, IL
Douglas, Cummerata and Langworth
present
Chicago, IL
Director IT Risk, &TS, Europe & Asia
present
  • Act as the Centre of Expertise for IT Risk best practices managing key business platform executive relationships in the assigned region
  • Oversee and guide risk assessment activities in the region according to regional priorities
  • Advise and assist first line of defense in IT Risk mitigation planning activities
  • Establish effective monitoring practices to ensure adherence to the IT risk management framework and policy and assist business in the identification of issues
  • Liaise with industry peers to develop insights into leading IT Risk management practices
  • Global and regional scope and impact
  • Produce quarterly reports to business senior management and IT VP/SVP on the assigned region’s IT Risk profile including application, infrastructure and third party
Education Education
Bachelor’s Degree in Business
Bachelor’s Degree in Business
Emory University
Bachelor’s Degree in Business
Skills Skills
  • Possesses strong analytical skills and has a thirst for knowledge (i.e., highly inquisitive)
  • Experience with DLP and cyber security tools and methods. Knowledge of security controls for handling of Personally Identifiable Information (PII) data
  • Ability to build strong and productive working relationships with staff at all levels across the company
  • Ability to maintain high ethical standards with a drive to achieve the right answer in difficult and/or ever changing situations
  • Strong influencing skills coupled with technical risk management expertise. This also includes a mature business approach to problem solving, conflict resolution and influence
  • Experience in implementing, enhancing and successfully managing an Internal Audit or SOx function with a global multinational company with a highly complex matrixed environment
  • Experience managing executives and cross-functional teams, including people development skills and leadership qualities. International experience and ability to work across cultures
  • Prior experience in IT Risk Management, Privacy Impact Analysis, or IT Audit Methodology strongly desired
  • Good understanding of security protocols and authentication schemes
  • Excellent organizational, written, presentation and verbal skills
Create a Resume in Minutes

15 IT Risk resume templates

1

North Asia IT Risk Administrator Resume Examples & Samples

  • Support risk managers in coordinating regulatory inspections, RFI, industry consultations and routine BAU activities
  • Organize meetings and materials including presentations, agenda, minutes of meeting, and executive summaries
  • Create project documentation such as scope, risk, issues, and plans
  • Create & produce periodic status reports
  • Manage project documentation in sharepoint or share drive
  • Monitor project progress and highlight possible delays or/and problems to the Risk Manager; and
  • Provide support to Risk Managers as required
2

Director, IT Risk Domains Resume Examples & Samples

  • Strategic Oversight and Challenge
  • Act as a resource to the regional and platform specific Directors, IT Risk, and IT and business senior management, utilizing broad knowledge across the domains, to support the development of risk mitigation solutions
  • Represent the domains for IT Risk providing independent oversight and challenge and provide support to the first line of defense senior management operating teams
  • Determine root cause of IT risk issues and triage to appropriate Senior Manager, IT Risk Domain for analysis and recommendations
  • Ensure overall consistency and a balanced approach is achieved and maintained in the development of policies across all domains
  • Ensure that the risk profile is fairly presented in ongoing reporting and escalate to senior management when the risk profile is at or near risk appetite
  • Work with the Directors, IT Risk and executives and senior management on escalated issues and to enhance their ability to anticipate and manage domain risks effectively
  • Oversee the monitoring of comprehensive domain risk appetite frameworks, policy, and control standards that align to industry practices and current and emerging regulatory requirements
  • Oversee effectiveness assessments and analysis of results of third party audit reviews
  • Manage scenario analysis across the domains
  • Recommend new policies based on current awareness of changes to industry standards and threat landscape relative to the domains of expertise
  • Oversee the development of domain measurement and monitoring policies and practices
  • Advise on the development of standards by the first line of defense to ensure policy alignment
  • Provide advice on escalated IT risk policy and risk mitigation issues
  • Risk Awareness
  • Oversee the promotion of IT risk management as an embedded discipline across the domains
  • Provide guidance to Communication/Training and Awareness teams on the development of domain related training and communication to ensure consistency across the domains
  • Undergraduate degree in Information Technology
  • A minimum of 10 years of experience in a progressively responsible role in one of the domain areas (Disaster Recovery & IT Continuity, Infrastructure, Data Quality, Performance & Scalability, or Change Management and Development Practices) within a global financial services organization
  • Solid understanding of the industry control environment within the various domain areas
  • Strategic mindset, with excellent knowledge and understanding of the financial industry
  • Enterprise-wide scope and impact
  • Keep apprised of changes to industry standards and threat landscape relative to the domains of expertise in order to make changes to policy
  • Large impact to the organization as oversees the provision of subject matter expertise in the management of IT Risk related to domains
3

IT Risk Policy Specialist Resume Examples & Samples

  • Help oversee annual/bi-annual reviews of 15 policies and approx. 500 standards, along with their associated procedures
  • Work closely with policy/standard owners and their working groups to oversee the writing and revision of documents as they come up for annual and bi-annual reviews. Once onboard, candidate will be required to develop a thorough comprehension of all ITRSM policies and standards, with a strong understanding of their various interrelationships
  • Interface with the 30-members of the IT Risk and Compliance (ITRAC) Steering Committee, which provides decision-making and guidance for the policies and standards program
  • Maintain responsibility for input and export of information in the online policy system
  • Participate in current efforts to revamp ITRSM policy/standard workflow
  • Conduct searches for policies, standards and procedures for document requests and other purposes
  • Help prepare routine presentations on policies to senior management (IT Risk Leadership team)
  • Minimum of 10 years of relevant experience in the financial industry
  • Experience in compliance and/or regulatory management
  • Excellent writing skills including the ability to draft policy-level documents
  • Thorough knowledge of MS Word, including use of its ‘Review’/’Tracking’ features
  • Intermediate-level user of Excel and PowerPoint
  • Strong knowledge of MS Sharepoint
  • Must be able to cope with changing priorities. Ability to interface with varying levels of staff and management to achieve an understanding of the business needs
4

Head of IT Risk TIS Resume Examples & Samples

  • Management of the IT risk assessment book of work for TIS and the America's region
  • Evolve the current service offerings from a focus on Information Security to include broader holistic operational risks relating to Technology
  • Build and manage a highly motivated, skilled team, developing talent and human capital
  • Provide input to the change management of key CS Policy and standards relating to IT Risk
  • Risk governance deliverables for the Americas region – ensuring risk content is the focus and delivered for major risk governance bodies as defined by the IT Governance framework
  • Support the development and communication of a comprehensive IT risk management strategy aligned to Op Risk, Business and IT strategies
  • Work closely with the 2nd line of defence lead for TIS Op Risk and America's Op Risk to ensure a holistic approach
  • Chair/participate in regional industry committees/forums to maintain awareness of trends and best practices, share the leadership/direction of the firm, and monitor changes in applicable regulatory requirements to enhance internal plans
  • CS and Industry wide knowledge of Information Security and Operational Risk management, specifically Technology related risk and the overall banking businesses in which CS operates
  • Depth of knowledge of IT technology and experience in managing and/or delivering IT service to be ‘practical’ in reviewing and recommending risk mitigation measures in a realistic IT environment
  • Proven track record in successful engagement with senior IT and Business personnel
  • An understanding of the impact of technology on banking systems, with business product knowledge a plus
  • Strong people leadership with a proven experience in building, managing and developing teams across multiple regions
  • Strong communicator with ability to build and maintain relationships to facilitate high quality
  • Demonstrated knowledge of the regulatory environment and engagement with key Regulators
  • It would be an advantage to also meet the following
  • Motivated and passionate SME in Information Security and Technology Risk Management
  • Professional certifications in key risk management or technologies
  • Proven Director level experience and track record of delivery of major technology risk related programs
5

IT Risk Assessment Resume Examples & Samples

  • Work with the Morgan Stanley-identified managed service provider to execute and complete Asset Assessments
  • Independently execute and complete Asset Assessments when required
  • Lead workshops to educate system owners and developers to share information about the NAC and ARA programs
  • Work with relevant subject matter experts to maintain consistency and accuracy of various technology controls as implemented within the Asset Assessment
  • Ensure any identified risks are properly prioritized and addressed through the risk reporting process (RADAR)
  • Perform quality assurance reviews on the asset assessments produced by the managed service provider and other team members
  • Draft summary reports highlighting the statuses of various ongoing reviews involving asset assessments
  • Support the managed service provider and team members during the asset review process where risk-related information may be derived from other sources(IPRAM, ILM, DNA)
  • Support maintenance of the NAC and ARA process by participating in revisions to the processing and data collection changes and changes to the GRC software platform (currently Archer)
  • 3 to 5+ years of technology / information risk work experience
  • Solid understanding of technology & data and information security risks
  • Experience performing risk and control assessments at large, financial services institutions
  • Excellent oral, verbal communication, interpersonal and presentation skills required
  • Proven written communication skills on a technical and managerial level
  • Ability to handle confidential matters with discretion
  • One or more industry certifications (e.g., CISSP, CISM, CISA,CRISC)
  • Public Accounting (Tech) experience (e.g., risk assurance, external audit)
  • Familiarity with ISO 27001, COBIT, ITIL, Banking regulations (e.g., FFIECGuidebooks)
6

IT Risk Transformation Manager Resume Examples & Samples

  • SAP ECC security governance, design, configuration and testing
  • SAP FI/CO, SD and/or MM experience
  • Functional risk and controls experience for Source to Pay, Material to Inventory, Order to Cash and/or Record to Report; and/or
  • Integration experience with ECC, focused on IT infrastructure or process performance improvement
  • Continuous monitoring enabled by SAP ECC, SAP GRC or SAP BI, including governance; design; configuration and testing; integration between SAP and non-SAP solutions; OR data analytics using ACL or MS Access; and
  • Consumer Products, Life Sciences, Power and Utilities, Healthcare, OR Media and Entertainment industries
7

Director, IT Risk Resume Examples & Samples

  • Undergraduate degree in business
  • A minimum of 8-10 years of experience in progressively responsible IT risk management roles in a global financial services organization
  • Solid understanding of the Insurance and Technology & Operations business platforms, and business content experience within that platform
  • Well-developed impact and influence skills
8

Manager, IT Risk Policy Resume Examples & Samples

  • Develop and own policy roadmap including new deliverables and scheduled reviews in compliance with established review dates
  • Engage with Policy Forum to validate schedule setting priorities and obtaining committed resources to participate in working groups
  • Conduct a business needs assessment for all ad hoc document requests to provide a systematic approach for determining the current gaps and potential impacts
  • Schedule document development and maintenance to ensure work items are appropriately prioritized and resourced
  • Develop and recommend enterprise IT Risk policy documents to manage information technology, information security and related risks. This is a combination of new policy and integration of existing policies where appropriate
  • Ensure IT Risk policy and control standards are aligned to industry standards and key information technology/ information security legislation/regulation. This alignment is to be conducted as existing control standards are reviewed or as new ones are developed
  • Manage the storage of IT Risk policy documents in appropriate library systems, e.g. PPL, SharePoint, Archer
  • Enable the publication of approved IT Risk policy documents on the Privacy & Security website
  • Optimize existing documents as they are reviewed so that they are easy to read and understand. Ensure documents present the content in a consistent, easy to scan format
  • Manage the document management process and schedule for IT Risk policy documents to ensure the process remains relevant and the review is executed as per the timing identified in the Review Schedule
  • Develop a series of topical Views that encompass and clarify the related IT Risk control standards as identified by the IT Risk advisors and IS Consultants
  • Develop corresponding communcation requirements for new and updated policy documents and work with communication partners in developing communication plans; provide subject matter expertise and direction for IT Risk strategies and awareness initiatives
  • Particiate in transformation initiatives to develop an automated and integrated, efficient and consistent GRC approach to policy
  • Provide 2nd line support for the IT Risk Advisors and IS Consulting team with respect to policy/control standard challenges raised by the business
  • Support IT Risk Advisors and IS Consuting team members in policy document implementation and monitoring strategies, plans and tools needed to meet all IT-Risk related regulatory requirements, governing laws and other applicable laws and regulations globally
  • Provide central enterprise-level point of contact and coordination for IT Risk policy document management
  • Establish and maintain constructive working relationships with 1st and 2nd line of defence in policy management
  • Negotiation skills, teamwork and co-operation
  • Knowledge of banking regulation
  • Project planning and implementing skills
9

IT Risk Transformation Manager Resume Examples & Samples

  • Continuous monitoring enabled by SAP ECC, SAP GRC or SAP BI, including governance; design; configuration and testing; integration between SAP and non-SAP solutions; OR data analytics using ACL or MS Access
  • Consumer Products, Life Sciences, Power and Utilities, Oil and Gas, Technology, Healthcare, OR Media and Entertainment industries
  • Security and risk standards including COBIT, COSO, ITIL, ISO 2701-2, PCI DSS, OR NIST
10

IT Risk Team Lead Resume Examples & Samples

  • IT knowledge and experience at (applied) university-degree level
  • Minimum of 7 years’ demonstrable experience in IT-risk management within large and complex organisations
  • Minimum 2 years experience in leading specialist teams
  • Sound knowledge of and experience with IT development (scripting, automation, scrum/dev-ops, etc)
  • Fluency in English and preferably Dutch (orally and written)
11

IT Risk Section Manager Resume Examples & Samples

  • Coordinates and oversees the implementation, monitoring and/or management reporting of the IT Risk Management Program
  • Leads team responsible for maintaining technology risk/control framework and assessment program to ensure alignment with industry risks, trends, new technologies and new/changes in regulatory requirements
  • Assists lines of business with development of risk remediation plans and monitoring to ensure timely completion and that residual risk is acceptable by management
  • Manages IT risk advisory engagements for lines of business (primarily IT Services) including planning, assessing and reporting
  • Provides IT audit/regulatory/legal portfolio management oversight services to include coordination, scheduling, consulting, monitoring and reporting
  • Provides direction, coaching and mentoring for assigned professional staff regarding employment, career development and performance evaluation in accordance with Bank guidelines
  • Bachelor's degree in business, computer science or related discipline or equivalent education and related training
  • Six years of IT risk management and/or IT auditing experience
  • Advanced understanding of IT Control Frameworks such as COBIT, ITIL and COSO
  • Advanced knowledge of IT auditing practices and regulatory requirements including GLBA, PCI, ITIL, etc
  • Strong team-oriented interpersonal skills and ability to achieve mission oriented and valued-based results
  • One or more professional certifications such as CISSP, CISM, CISA or CRP
  • Thorough understanding of network topology and associated risks
  • Oriented with judicial process associated with eDiscovery cases
12

IT Risk Consultants Resume Examples & Samples

  • IT Assurance/ Audit - including the execution of evaluating and design of IT controls (e.g. application & general controls) in support of an external audit
  • Internal audits – including the execution of audits of IT processes against leading practice IT risk and security frameworks and common standards (e.g. CoBIT, ITIL, ISO 27001/02)
  • Service Organisation Controls Reporting and agreed upon procedures reviews against standards such as ISAE/ASAE3402/ SSAE16
13

Manager, IT Risk Policy Resume Examples & Samples

  • Develop corresponding communication requirements for new and updated policy documents and work with communication partners in developing communication plans; provide subject matter expertise and direction for IT Risk strategies and awareness initiatives
  • Participate in transformation initiatives to develop an automated and integrated, efficient and consistent GRC approach to policy
  • Support IT Risk Advisors and IS Consulting team members in policy document implementation and monitoring strategies, plans and tools needed to meet all IT-Risk related regulatory requirements, governing laws and other applicable laws and regulations globally
  • Knowledge of COBIT and ITIL
14

Regional Head of IT Risk, Asia Pacific Resume Examples & Samples

  • Collaborate with Information Risk & Compliance Managers across lines of business to aggregate technical risks and findings in assets and systems to provide a holistic view of technology risk across a country location
  • Assess the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation
  • Monitoring and analysis of regional technology key risk indicators
  • Proactively identify potential risks based on changes to business models, technology models, and external trends
  • Develop executive level reporting and communications to support risk-informed business decisions
  • Understand and can consult on information security standards and industry best practices
  • Identify and maintain variances in policies and standards for addressing country specific regulatory requirements. Review proposed IT Risk Policies and Standards for conformance and input of country requirements
  • Reinforce Information Risk Policies and Standards, and provide risk management support to businesses running in country
  • Act as a coordination point for responses to any RFIs, audits or inspections
  • Monitor and report implementation of key initiatives to local country management and regional teams
  • Facilitate and assist with firm-wide technology control assurance in country locations
  • Interact with other relevant firm-wide control bodies (IT Governance, Audit, Operational Risk, Legal/Compliance, Resiliency Risk Management)
  • Promote and improve awareness of security threats, laws and regulations, policies and standards
  • 15+ years of IT experience, the majority of which should be in an IT Risk or Security role, preferably in the financial services sector
  • Broad based knowledge of IT Risk, IT Compliance, Security and disaster recovery/business continuity, with appropriate qualifications or certifications (CISM, CISA, CISSP or equivalent)
  • Broad knowledge or experience of working with regional regulators, Hong Kong, Australia, Japan etc
  • Significant analytical and critical thinking skills
  • Demonstrated technical abilities in multiple areas (e.g., technology infrastructure platforms or networks, application development, data protection, etc.)
  • Ability to manage multiple projects concurrently, work under pressure, and meet tight time commitments
  • Strong process orientation and understanding of operations and technology enabling candidate to provide support in the analysis, development and monitoring of controls
  • Ability to build and maintain collaborative working relationships with Information Technology and Business to design and assist in the execution of appropriate controls design and monitoring
  • Strong Program/Project Management and influencing skills
15

Director IT Risk, &TS, Europe & Asia Resume Examples & Samples

  • Oversee IT risk management practices covering the five domains of IT Risk, provide interpretation and counsel on policies, and challenge existing practices for Enterprise IT Risk within Investor & Treasury Services and Europe and Asia regions
  • Provide subject matter expertise to determine appropriate controls and to advise the business on the implementation of controls taking into consideration a broad range of highly complex and often ambiguous regional and cultural specific issues
  • Act as the Centre of Expertise for IT Risk best practices managing key business platform executive relationships in the assigned region
  • Utilize in-depth understanding of the business platform and region specific factors and requirements and the associated impact on IT Risk governance in order to provide input into strategic development from a regional perspective
  • Ensure enterprise-wide policies meet the diverse requirements of the region in order to provide assurances of compliance while minimizing adverse impact to business operations
  • Contribute to and support the execution of IT Risk management programs
  • Challenge the first line of defense within each business platform to ensure the IT Risk profile is a balanced, comprehensive and transparent reflection compared to risk appetite
  • Contribute to the review of IT Risk assessments executed by the business including deep dive assessments, scenario analysis and new product or change initiative assessments
  • Produce quarterly reports to business senior management and IT VP/SVP on the assigned region’s IT Risk profile including application, infrastructure and third party
  • Participate in the steering committee or associated governance/review activities on key business initiatives ensuring that existing and emerging IT Risks for new products, processes and transformational initiatives are identified
  • Track and consult on IT Risk remediation action items
  • Liaise with multiple regulators in multiple diverse countries within the region to ensure up to date knowledge of various regulatory requirements and assist in the response to requests
  • Facilitate client due diligence reviews of RBC controls and provide assurance to clients that risk is managed effectively
  • Work directly with the leadership team of the first line of defense to embed an understanding of the business line IT Risk profile and risk appetite into strategic decision making; challenge executive decision making that contradicts profile and risk appetite
  • Ensure dissemination of information on RBC’s IT Risk management practices and programs to foster sound IT Risk management within the region
  • Liaise with industry peers to develop insights into leading IT Risk management practices
  • Policy and Risk Appetite Management
  • Provide IT Risk policy interpretation to first line of defense and advise them on the development of standards and procedures that align with policy in order to ensure Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) are met
  • Establish effective monitoring practices to ensure adherence to the IT risk management framework and policy and assist business in the identification of issues
  • Advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas
  • Advise and assist first line of defense in IT Risk mitigation planning activities
  • Provide expertise and assistance to the region in the development, implementation and monitoring of the Enterprise Risk appetite by overseeing the businesses as they write and annually refresh their risk appetite statements
  • Ensure that the IT Risk Profile is fairly presented through ongoing reporting, and escalate to executive management when the IT Risk Profile is at or near the defined Enterprise Risk Appetite
  • Awareness Leadership
  • Promote IT risk management as an embedded discipline within the region supported
  • Promote and nurture a risk aware culture
  • Provide guidance to Communication/Training and Awareness teams on regional specific requirements
  • Cyber Security
  • Ensure enterprise driven information security programs are delivered in region including data protection, cyber threat management and identity and access management
  • Provide regional requirements to enterprise teams to ensure security programs meet the needs of Europe and Asia
  • Oversee and guide risk assessment activities in the region according to regional priorities
  • Proven experience in progressively responsible IT risk management roles in a global financial services organization
  • Build from scratch capabilities
  • Highly developed ability for conceptual thinking
16

IT Risk Remediation Portfolio Manager Resume Examples & Samples

  • Definition of the future state vision, strategy and roadmap for Infrastructure Services (IS)
  • Liaising with senior stakeholders and management functions to lead the definition and creation of the Infrastructure Services transformation programme scope and timeline
  • Creation of the business cases, master plan and cross workstream dependency view of the programme
  • Setup of the programme office, governance structure and supporting programme reporting function
  • Mobilisation of the programme and leadership of its execution from start to finish
  • Ability to manage a large scale, multi vendor, multi location team consisting of both internal and external resources
  • Ability to report, liaise and understand dependencies on other Group Technology and regulatory required change the bank (CTB) programmes
  • Management of the programme financials, ensuring all projects are funded and tracked conforming to the banks standard methodologies and project management frameworks
  • Ensure the programme adopts and conforms to the new target state Services based Operating Model for Infrastructure Services
  • Ensure that the programme aims to achieve synergies and take advantage of other strategic levers such as offshoring and the hubbing strategy
17

IT Risk Policies & Standards Lead Resume Examples & Samples

  • Deliver robust oversight and governance for the ongoing development and maintenance for Policies and Standards ensuring compliance with revision requirements
  • Develop (re-design) and maintain an end to end Polices and Standards framework based on key technology controls which drive
  • Minimum of 10 years experience in Information Technology, IT Risk or IT Controls, including 3+ years experience in the implementation of associated Policies and Standards frameworks
  • Previous experience in diverse range of technology, risk and control roles
  • Strategic mindset that can quickly identify how the components of a holistic risk/control program should fit together
  • Highly motivated team player with excellent analytical, written and verbal communications skills. Ability to translate vision and strategy into clear actionable goals, establish priorities and achieve measurable results
  • Track record of establishing and maintaining collaborative cross-organizational partnerships to achieve results
  • Ability to persuade and influence is key. Must have ability to be tactful yet assertive
  • Strong collaboration and negotiation skills
  • Adaptability to changing business conditions
18

IT Risk Section Manager Resume Examples & Samples

  • *CAN BE LOCATED IN RALEIGH, WILSON LOCATIONS AS WELL AS CHARLOTTE***
  • Coordinates and oversees the implementation, monitoring and/or management reporting of functions within the IT Risk Management Program
  • Provides IT audit/regulatory/legal portfolio management oversight services to include coordination, scheduling, consulting, monitoring and reporting. **
  • Develop and compile periodic reporting and metrics to assist IT Management with portfolio level risk insight. 8. Contribute to the development and management of several centralized risk management and reporting initiatives
  • Strong project/change/initiative management skills and experience, to include use of project management software (MS Project)
  • Experience with process development, design and implementation
  • Ability to develop metrics and other measures (KPIs, Dashboards, etc.) for operational monitoring as well as senior management consumption
  • Project Management Professional (PMP) Certification strongly preferred
19

IT Risk Services Resume Examples & Samples

  • University degree in Computer, Electric/Electronic, Industrial Engineering, or related fields,
  • Minimum 2 years experience in a related field, preferably in professional services and/or industry,
  • Professional Certification such as CISA strongly preferred,
  • Willingness to pursue a professional designation,
  • A diverse skill base in IT audit, IT risk advisory, business continuity management, and information systems security,
  • Familiarity with national and international legislation and compliance requirements such as SOX, BTK&BDDK Requirements etc
  • Knowledge of relevant international standards and frameworks such as ISO 27001, ISO 22301, COBIT
  • Experience in reviewing, documenting, evaluating and testing controls in a wide range of environments,
  • Ability to develop and maintain effective client relationships and understand the clients business and project requirements,
  • Understanding of business processes and technical skills to successfully develop effective solutions and complete project assignments,
  • Understanding of the importance of business ethics,
  • Sound project management and job administration skills,
  • Strong Interpersonal skills and ability to interact in a team environment,
  • Excellent written communication skills & strong analytical skills,
  • Must be able to handle highly confidential information in a strictly professional manner,
  • Must be able to maintain professional demeanor in times of high stress,
  • Flexibility to travel
20

VP Mgr-it Risk Assessment & Arch Resume Examples & Samples

  • Conduct security assessments and manage remediation activities for in-house developed applications – must have a strong understanding of secure-coding standards and practices. Be able to develop evaluations of vendor developed code and determining if there are known vulnerabilities
  • Represent IT Risk on organizational project teams and ensure adherence to existing security policies ,standards, and identified reference architectures
  • Lead and Drive the creation of and adherence to Cyber-Security and Information Security Reference Architectures
  • Run secure integration efforts when Moody’s on-boards corporate acquisitions performing the necessary due diligence
  • Act as a security consultant in the delivery of Information Security projects and services for our customers by working directly with key business stakeholders, Moody’s IT (MIT) executives and project teams
  • IT / Cyber Security Architecture
  • Subject Matter Expertise in IT Risk and Cyber Security
  • Shares Services Application: HR, Finance, etc
  • Maintains knowledge base on high profile, public cyber security breaches and able to quickly understand and articulate their associated actors, exploits and opportunities to improve Moody’s specific defense capabilities
  • Strong knowledge of application architecture, development and secure coding practices
  • Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model
21

Avp-it Risk & Architecture Resume Examples & Samples

  • Provide security consulting services for enterprise projects that cross multiple technologies and platforms to ensure alignment with Moody’s Information Security architecture standards
  • Represent Information Security on organizational project teams and ensure adherence to existing security policies ,standards, and identified reference architectures
  • Represent Security Architecture at both Software Development Life Cycle and Product Development Life Cycle reviews
  • Assist to evaluate security concerns with new and emerging technologies with particular focus on Cloud, SaaS, and IaaS
  • Support the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders, Moody’s IT (MIT) executives and project teams
  • Minimum 7-10 years of experience in IT industry, preferably in a financial services or consulting organization
  • BS or BA degree, preferably in technology/business or equivalent
  • Relevant certifications such as CISSP, CISM are a plus
22

Avp-it Risk Resume Examples & Samples

  • Gain an expert understanding of Moody’s PDLC
  • Partner with the PPQA, Project Delivery, and IT Risk Control teams, to provide the management, organization and written material for Internal or External Audit MIT Responses
  • Assume project management ownership for the implementation of all PDLC enhancements derived from audit findings
  • Working with PPQA, Corporate Planning, Accounting and Internal Audit, Manage the plans and narratives of SOX processes to enable MIT SOX compliance
  • Provide PDLC guidance and support, while also being a solid control point for PDLC process adherence to Project Delivery Teams; escalate appropriately when issues arise
  • Conduct PDLC project phase gates for a select portfolio of large multi-million dollar projects plus oversight on the smaller Maintenance and Enhancement portfolio
  • Key PPQA partner to the IT RISK PMO, enabling process adherence to the PDLC and mitigating audit findings from occurring. Ensure the incorporation of any audit finding remediations are instantiated into the IT RISK project portfolio
  • Create appropriate level metric/reports. Provide support for PPQA status reporting
  • Bring hands on technical acumen and skill sets to the role, driving analysis, development, improvements and efficiencies within the PPQA and IT Risk space
  • Ability to take abstract concepts and themes and formulate concrete proposals ultimately driving selected opportunities through to implementation
  • Extensive experience in partnering closely with an Audit function; proven experience in identifying potential audit findings within a technology delivery organization
  • Hands on and proven experience in implementing projects utilizing various implementation frameworks such as agile/scrum, waterfall, iterative, OPENUP, TOGAF
  • Must have experience driving quality/process management activities in a large environment with a proven track record of delivering methods, disciplines and quality improvements
  • Must have strong, enterprise wide business acumen to operate within this control point function, while being flexible to changing business needs, with a deep understanding of how technology enables a business
  • Experience working with teams that have implemented/worked with the SANS and NIST frameworks and the impact to an organization
  • Solid experience in partnering and supporting an IT Risk Controls function, understanding the relationship of a project portfolio and the implementation or maturation the controls it addresses
  • EXCELLENT written and oral communications with the ability to calibrate the message to various levels of management and job functions
  • Excellent MS Office skill set; SQL and Tableau
  • Excellent consulting skills, in influencing and partnering with end users, providing adherence commentary in a facilitated manner, while still operating as a control point for the organization
  • At least 7 years of experience in an IT Risk function in the a regulated financial services industry
  • At least 7 years of excellent project management experience on large, cross functional, multi-million dollar projects/programs
  • University degree (Bachelor or Master level) in technology or information security related studies
  • PMP and/or Certified Internal Auditor
  • Proficiency in process Industry Standards and Best Practices such as Six Sigma, PMP, CMM, ITIL, TQM
  • Good influencing skills within the team, department, across departments and various levels of management
  • Ability to work well under pressure, respond to tight deadlines and exercise excellent judgment in setting priorities
  • A self-starter, solution orientated and team player
23

Manager, IT Risk Management Resume Examples & Samples

  • Plan and execute client engagements focusing on business processes and risk management in areas such as IT strategy, IT program management, cyber security, service delivery and operations, third party management, data management, application management/SDLC and service continuity management amongst others
  • Conduct IT risk assessments to identify risk and controls gaps and provide sustainable solutions for executing risk mitigation project
  • Stay current with industry standards and regulatory requirements around IT such as COBIT, ITIL, etc
  • Apply understanding of Governance Risk and Compliance (GRC) tools and technologies
  • Five years of experience in any of the following areas: IT Risk Management, 2nd line of Defense, Risk & Compliance, CISO or IT Strategy
  • Bachelor’s degree in an appropriate field from an accredited college/university
  • Hands-on experience performing IT risk assessments to identify risk and controls gaps as well as providing sustainable solutions for executing risk mitigation
  • Strong understanding of IT Frameworks (i.e. COBIT, ITIL, ISO and COSO)
  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future
24

CCB IT Risk Secops Lead Resume Examples & Samples

  • Assist in documenting and implementation of processes related to on-boarding requirements for applications/platforms feeding into the firm’s certification tools
  • Perform oversight process execution, to include reactionary steps when KPIs are not in a "green" status and escalation paths to leverage if required
  • Assist with definition and rationalization of change management rigor for IAM changes
  • Lead hands-on management and execution of the certification cycles pre-cycle, post-cycle, and during the cycle
  • Serve as the back-up to the IAM lead as it relates to project engagement, IAM tool governance, analysis & implementation of automation opportunities, and security architecture/engineering consultation
  • Collaborate with CCB Cyber Security, Global Technology Infrastructure, Corporate Cyber teams, and Line of Business Information Risk Management teams for issue resolution and mitigation
  • Support innovation and enhancement efforts within the CCB Cyber Security function
  • Communicate and escalate issues and incidents as required by process or management
  • Consistently identify, assess, and manage technology risks across all environments. Where controls are not adequate, escalate those concerns and assist with driving improvements to the overall control environment
  • To accomplish this goal, the team partners with Corporate groups including the Global Privacy Office, Corporate ITRM, and Audit, and also with CCB groups including Operational Risk and the CCB Technology teams
  • Also serve the business in a consultative manner, providing guidance to the business on addressing identified risks
  • Support day to day technology control reviews, IT risk management oversight, and facilitate remediation efforts as needed
  • Perform validation of IT risk issues prior to closure of assessment identified gap. Identify opportunities for process improvements to deliver increasing efficiency
  • Strong understanding of Information Security concepts
  • Intermediate to strong experience on vb scripting/ powershell / sql
  • Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks
  • Experience in a fast paced, high stress environment
  • Ability to think strategically, work with a sense of urgency and attention to detail
  • Demonstrated ability to be reliable and flexible
  • Demonstrated analytical, problem solving, and prioritization skills
25

IT Risk Management, AVP Resume Examples & Samples

  • Minimum 3-5 years experience in system development projects/maintenance for financial institutions
  • Ability to work with both User Department and AITD staffs
  • Needs to be able to work under pressure and to meet deadlines
  • Background in banking or financial industry
  • Knowledge of bank regulatory requirements and financial industry standards
  • Knowledge of global standards/frameworks for IT governance, such as COBIT, PMBOK, etc
  • General understanding about component/architecture of systems and the security requirements
  • Skill to materialize and run PDCA-cycles
  • Skill to develop and maintain procedures and guidelines
  • Skill to communicate technical processes with business users in non-technical terminology
  • Skill to use project management tools such as MS Office, MS Project and Visio
26

IT Risk Avp Resume Examples & Samples

  • Support the 'Risk Excellence' culture within the business
  • Lead or support EMEA IT regulatory assessments and advisory projects including recurring activities such as CHAPS controls attestation
  • Develop and maintain a tracker of all EMEA IT regulatory activity and coordinate driven responses to regional regulators
  • Support IT Governance and IT Risk Management activities and attend relevant forums. This includes producing EMEA ITGRC reporting (e.g. IT audit issue remediation, IT regulatory assessments status, IT risk radar etc.)
  • As appropriate, support 3LoD reviews by coordinating responses and the process for reporting self-identified issues
  • As appropriate, identify and notify the US based team about new IT regulations and coordinate impact analysis for those regulations where necessary
  • FS experience / Big 4
  • Experience in IT regulatory compliance and response management
  • Experience in IT control attestations including Cyber and Business Continuity management
  • Understanding of IT regulations in the UK, Germany, Luxembourg. Other European jurisdictions would be a plus
  • CISA/CRISC
  • BSc in Business Information Technology
27

IT Risk Resume Examples & Samples

  • Risk Assessment and Internal Controls: Assess process risk during project implementations and process redesign. Effectively communicate process and system risks to all stakeholders to allow management to make more informed decisions and obtain appropriate buy-in for key project decisions. Document and test key process controls during the implementation phases to ensure key risks are adequately mitigated prior to go-live. Evaluate access and segregation of duties based on least privilege access. Serve as a liaison between functional teams, technical teams, internal audit, controller’s office, business process owners, and external audit. Provide controls training
  • Project Management: Develops and executes multiple concurrent project plans in alignment with the global product vision and strategic road map. Manage to project timelines and cost
  • Compliance Support: Participate in controls and compliance initiatives in adherence to Sarbanes-Oxley (SOX) compliance and departmental risk assessments
  • Develops and executes projects plans and business requirements that align with the teams' strategic road map
  • Drives the execution of multiple business plans and projects
  • Ensures business needs are being met
  • Manages multiple concurrent projects and functional support activities globally
  • Provides leadership and addresses competencies and skill gaps
  • Provides supervision and development opportunities for associates
  • Strong interpersonal and presentation skills, including influencing skills, managerial courage, developing others, for communicating at all levels and across all functions
  • Knowledge of sound business and control practices
  • A high energy level and strong work ethic with a commitment to continuous improvement in a dynamic and changing environment that strives to exceed expectations
  • Demonstrated ability to build strong relationships at all levels and able to work in a multi-cultural environment
  • Knowledge of Sarbanes-Oxley requirements
  • Master's Degree, Accounting, Information Technology, or related field
28

IT Risk Remediation Resume Examples & Samples

  • Identify , define and drive tactical and strategic programs of work to improve GPS Risk and Control environment
  • Track progress, escalate overdue actions and provide advice on all GPS Risk activities risk projects, to ensure sustainable and timely risk remediation and appropriate stakeholder sign off, by agreed due dates
  • Conduct quality checks of raised Operational Risk Issues (ORIs) and work with internal and external entities ( IMT/EY etc. ) to define/agree appropriate remediation actions to remediate and remove deficiencies
29

Director, IT Risk Management Resume Examples & Samples

  • 15+ years of comprehensive experience in financial management, including substantial experience in compliance/risk assessment activities, operating controls, process improvement, internals control and management of internal and external audit issues
  • Bachelor's degree in accounting or finance required. Master's degree in business, finance, accounting or related field preferred. CPA preferred
  • Experience in executive level communications
  • Experience supervising professional staff with a proven ability to develop, motivate & acquire a Finance team globally
  • Experience in managing enterprise-wide activities in complex, matrixed organizations
  • Experience with the project management processes, tools, techniques and methodologies
  • Expertise in risk management strategy and techniques as well as internal control design and assessment. Clear understanding of the COSO framework, ERM and other risk and controls concepts and frameworks critical for the organization’s success
  • A high level of risk and internal control acumen and senior executive presence
  • Experience in implementing, enhancing and successfully managing an Internal Audit or SOx function with a global multinational company with a highly complex matrixed environment
  • A strategic mind set and broad thinking to lead the program as the company scales
  • Strong influencing skills coupled with technical risk management expertise. This also includes a mature business approach to problem solving, conflict resolution and influence
  • Ability to build strong and productive working relationships with staff at all levels across the company
  • Possesses strong analytical skills and has a thirst for knowledge (i.e., highly inquisitive)
  • Experience managing executives and cross-functional teams, including people development skills and leadership qualities. International experience and ability to work across cultures
  • Excellent listening and communication skills in order to effectively interface with all levels of leadership
30

IT Risk Resume Examples & Samples

  • Significant experience within 1LoD/2LoD/3LoD
  • CISA/CISSP/CISM
  • Financial services experience would be an advantage
31

IT Risk Management Resume Examples & Samples

  • Experience in Change Management- ITIL Certified
  • 2+ Years of experience
  • Manage and drive third parties to the quick resolution of change
  • Good exposure of infrastructure technologies
32

Senior.group Mgr, IT Risk Mgmnt Resume Examples & Samples

  • Risk Identification, Assessment and Evaluation
  • Develop an IT risk reduction and awareness program
  • Assemble and lead an experienced taskforce to partner with business teams on correlating identified technology risk scenarios to relevant business processes
  • Collaborate with senior business risk managers and key stakeholders to validate technology’s portion of their risk appetite
  • Utilize the IT Risk Model portion of the Service Maturity Model (SMM) framework to identify, assess and evaluate risk for all IT Services. Integrate SMM with a critical business component
  • Conduct training/workshops to ensure that stakeholders understand and contribute to the risk management process
  • Risk Treatment
  • Develop technology risk response action plans used to mitigate risk factors identified during risk assessments
  • Create and oversee a team of technology control specialists that will drive the mitigation of risks in the technology environments
  • Provide CIO and IT service leaders with actionable recommendations for improvement
  • Conduct and lead a technology root cause analysis program and drive improvement resulting from the findings
  • Establish risk control processes and procedures
  • Risk Analytics and Monitoring
  • Automate the collection, validation and analysis of data used to create technology key risk indicators (KRIs), and monitor and communicate their status to relevant stakeholders
  • Create programs to mitigate technology issues identified by KRIs
  • Drive remediation of issues highlighted by KRIs
  • Control Testing
  • Create a financial services industry-leading automated control testing solution
  • Supervise control testing activities to ensure they are delivered effectively
  • Lead efforts to test information systems controls used to verify effectiveness and efficiency of technology solutions
  • Ensure all technology controls are assigned control owners to establish accountability
33

VP-it Risk Assessment & Arch Resume Examples & Samples

  • Manage and enhance the IT Controls program including risk and controls library, processes, and reporting
  • Manage and enhance technology-enabled workflow(s) and automated IT-GRC processes for Controls program
  • Manage IT risk management processes to identify, analyze, mitigate and monitor IT cybersecurity risks
  • Centralizing IT relationships and coordinating interactions with internal and external auditors, regulatory authorities and customers' vendor risk assessment programs
  • Partner with Risk Management teams to ensure alignment with firm-wide operational risk management framework, policies, processes, risk appetite and tolerance
  • Minimum 8-12 years of experience in IT industry, preferably in a financial services or consulting organization
  • Strong familiarity with IT Risk Controls methodologies and established criteria
  • Experience managing Audit/Regulatory Issues to Closure
34

SVP Mgr-it Risk Management Resume Examples & Samples

  • Provide security architecture designs, design approvals, and consulting services for enterprise IT projects that cross multiple platforms and ensure alignment with Moody’s desired security architecture and library of best practices
  • Be an authority on secure implementation of Moody’s Integrated Bus – with specific attention to encryption capabilities on MQ/IIB
  • Act as a liaison to Moody’s Enterprise Architecture Group, ensuring Moody’s is adhering to architecture best practices such as TOGAF and SABSA frameworks for Architecture Initiatives
  • Mature and help implement Moody’s Threat Modeling capability with SDLC and Application development efforts
  • Support the creation of Moody’s Information Security policies and standards aligned with industry best practices and business needs
  • Run secure integration efforts when Moody’s on-boards corporate acquisitions
  • Evaluate security concerns with new and emerging technologies with particular focus on Cloud, SaaS, and PaaS; knowledge of MS Azure and a recommended security feature-set is ideal
  • Own the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders, Moody’s IT (MIT) executives and project teams
  • Minimum 10 or more years of experience in the IT industry, with specific focus performing at least two of the following roles
  • Financial Services IT Operations
  • Consulting within the IT Industry with particular focus on Enterprise Architecture (familiarity with both TOGAF and SABSA are plusses)
  • Adaptability and flexibility to work on a variety of assignments as defined by constantly evolving priorities
35

IT Risk Assessment Team Lead Resume Examples & Samples

  • Lead a team of risk assessment analysts and provide trainings where needed
  • Develop a deeper understanding of business processes, functions and internal control designs
  • Conduct risk assessments of high profile technology projects and RCSA process in an established/required timeline
  • Create and communicate risk assessment reports to relevant teams
  • Work closely with the other functions within the IT Risk Office team
  • Determine compliance with policies and procedures
  • Support audit reviews as needed
  • Initiate process improvement activities
  • Manage expectations effectively and escalate where appropriate
  • 6-7 years risk and audit experience in financial services, through public accounting/auditing and/or industry experience
  • Sarbanes- Oxley (SOX) experience
  • Demonstrate leadership skills
36

IT Risk Leader, PMP Resume Examples & Samples

  • Support the development and maintenance of the CEDCaP Risk Management Plan and program level risk register
  • Support the CEDCaP RRB meeting where the following is presented: proposed risks, risk origins and context, translating the risks to appropriate context; and assignment of the risks
  • Bachelor's degree in a related field and seven (7) years of IT experience to include a demonstrated and proven knowledge of IT risk management
  • PMP certification through PMI is required
  • Track, measure, report, and communicate project risks
  • Interact with Government project managers to ensure timely and accurate performance status input
  • Facilitate meetings with Government staff
  • Edit, quality check, and produce polished deliverables, free of errors
  • Support data calls, perform related analysis, and develop reports
  • Have strong communication skills, both written and spoken
  • Maintain a customer-service focus
  • Experience supporting Government clients
  • US Citizenship required for this program and ability to obtain a Public Trust clearance
37

Senior Director IT Risk Management Resume Examples & Samples

  • Provide oversight, independent challenge and reporting to ensure the current and planned technology environment is operating as intended for S&P Global Ratings
  • Participate in the S&P Global risk governance committees for technology risk, cyber security and business continuity
  • Work with Senior managers across S&P Global Ratings to set S&P Global Ratings risk appetite and risk tolerance for technology risk, cyber security and business continuity
  • Design, develop and implement a process for S&P Global Ratings businesses to facilitate identification, assessment and prioritization of business risks and threats related to technology risk, cyber security and business continuity across the enterprise
  • Design, develop and implement a process for the S&P Global Ratings businesses to measure risk exposure for technology risk, cyber security and business continuity and formulate risk mitigation strategies for technology risk, and recommend strategies to S&P Global for mitigation cyber security and business continuity across the enterprise
  • Provide independent assessment on existing and identify new or emerging risks. Maintain an active list of external and self-identified issues with action plans for issue closure. Stay abreast of industry related events and enhancements to mitigate potential risks
  • Present findings and observations to S&P Global Ratings’ Chief Operating Officer and Chief Technology Officer to determine accountability and appropriate action plans
  • Provide oversight of S&P Global Ratings businesses to ensure that appropriate risk controls are designed and implemented for technology risk, and business continuity in line with enterprise-wide risk appetite
  • Contribute to the design, documentation and maintenance of the necessary policies, standards and controls for technology risk, cyber security and business continuity across the enterprise
  • Oversee the implementation of S&P Global and S&P Global Ratings policies and standards for technology risk, cyber security and business continuity for S&P Global Ratings
  • Coordinate with the Legal and Compliance functions during regulatory examinations associated with technology risk, cyber security and business continuity
  • Bachelor’s and advanced degree (Master’s or MBA) required; relevant professional certifications strongly preferred
  • 12+ years of industry experience in Financial Services
  • Strong IT Risk Management experience and knowledge including, but not limited to: cyber security, business continuity, IT risk framework, data security, access management, policies, validation and testing
  • Broad understanding and knowledge of industry best practices and regulatory processes and expectations, but an innovative thinker to stay abreast of evolving threats and risks to the financial services industry to ensure a proactive response and to mitigate risk
  • Prior experience developing strategy, plans, education and cultural transformation to address the highly dynamic IT and cyber security risk environment. Ability to present to and engage with Senior Management, Board of Directors, regulators, government officials, and industry leaders are paramount to succeed in this role
  • Track record of collaborating with global financial institutions to address risk related issues across lines of business, functions and geographies
  • Significant experience at leading and managing change programs
  • Problem Solving: Leads and uses conceptual and innovative thinking (i.e., identifying new/different solutions) to solve issues. Looks beyond immediate problems for wider implications and determines best path forward
  • Interpersonal Skills: Requires a highly developed communications skills and ability to negotiate internally and often at higher levels. External communications may be a need but not a primary focus
  • Nature of Impact: Leads and directly impacts the professional and/or technical direction and strategy for a discipline or a core product including shaping and designing new policies, procedures and standards
38

Lead Manager, IT Risk Management Resume Examples & Samples

  • Strong working knowledge of technology controls testing and validation function
  • Ability to follow and recommend improvements to documented planning, testing, and reporting procedures and testing methodology
  • Operate within a highly collaborative remote team environment to deliver consistent value added opinions on the design and effectiveness of technology controls applicable to CTS services and associated business partners
  • Demonstrate ability to understand, design execute, and validate internal controls and testing for complex processes and requirements
  • Automation of Control testing (utilize NEXEN platform and developing required API’s)
  • Offer and ground suggestions to ensure adherence with all corporate policies and standards, regulatory requirements and industry best practices
  • Understand risk exposure for applicable controls as well as evaluate mitigating controls for the risk exposure
  • Perform testing tasks of complex difficulty, demonstrating a degree of “professional skepticism” to challenge the relevance and effectiveness of controls based on results
  • Interact with audit, line 2 and other stakeholders and risk representatives from multiple lines of business
  • Serve as liaison and consultant and evaluate impact of new technologies, processes or tools within the technology control area
  • Establish and maintain good client relations during testing engagements. Assist in communicating the results of some audit projects to management via written reports and oral presentations
  • Ability to work with strategic direction to plan and implement tactical tasks required to deliver on the strategy
  • Effectively manage a team of remote technology control testers
  • Demonstrate working knowledge of technology focused controls and/or audit testing methodologies
  • Effectively leverage knowledge of Industry standards related to technology controls
  • Use ability to communicate effectively to stakeholders
  • Demonstrate understanding of IT risks and risk mitigation
  • At least 3 Years’ experience in Controls Testing or IT Audit
  • At least 3 Years’ experience in Information Technology
  • At least 2 Years’ experience leading teams of at least 5 associates
39

Director IT Risk Management Resume Examples & Samples

  • Internal Control/Operational Risk Management
  • Compliance or related experience in the financial services/banking industry Information Security
  • Five years’ experience in leading and managing multiple programs with high functioning team members
  • Five years of Information Security or Technology operational team experience (ie. Vulnerability Management, Change Management, Incident and Problem Management)
  • Thorough understanding of compliance, risk management and internal control frameworks
  • Requires an ability to design, implement and operate risk processes and methodologies in a manner that effectively supports business objectives and manages operational risk requirements
  • Executive presence and ability to tailor communication style based on audience, from employee to peers to executive leadership
  • Strategic thought leader, with experience in developing strategies, and processes to deliver against the designed objectives
  • Proven ability to influence and drive transformation by leading complex, large-scale, cross-functional initiatives
  • Ability to understand, analyze data and produce meaningful conclusions
  • Strong interpersonal skills and ability to collaborate effectively
40

VP IT Risk Management Resume Examples & Samples

  • Establish a partnership with the first line business leaders and teams in Technology to identify, assess and actively manage risk across Technology Infrastructure, Technology Development and the Information Security Organization (led by the CISO) according to E*TRADE’s Enterprise Risk Management program provide effective challenge
  • Build/augment the IT Risk organization to actively manage risk according to oversight and regulatory requirements including governance, metrics, RCSA ongoing oversight, coaching and Quality Reviews, application risk assessments and infrastructure technology assessments
  • Monitor and measure changes to the SDLC process and lifecycle
  • Perform or manage resources that will perform specific Quality Assurance over the SDLC process and lifecycle including: SDLC Policy adherence, providing an assessment of risk participation in the overall process and during all project analysis and review and post mortem. Provide differentiation between first and second line QA and escalation for meaningful impact and present quarterly reporting and tracking of metrics and improvements. Articulate areas to improve risk management and recommend corrective actions and new policies, when necessary
  • Become the point of contact and second line owner during regulatory exams of IT risk and other exams, when necessary
  • Chair or participate in Technology Governance as required
  • Assess the risk within Key Enterprise Programs and functionality against FFIEC and other regulatory requirements. Review and recommend enhancements, as appropriate. Take ownership of some Plan items and evidence
  • Develop an ongoing partnership with other second line risk leaders of Data Governance, Enterprise Data Management, Third Party Oversight, Enterprise Risk Management and Operational Risk of Operations and Brokerage businesses
  • Refine process documentation to align with Regulatory requirements and best practices as noted through organizations such as NIST, BITS, ISO, and COBIT
  • Knowledge of ISO 27000 frameworks, BITS SIG, or COBIT/SOX IT control testing
41

Spclst IT Risk Mgmt Resume Examples & Samples

  • Collaborates with IT Security management in the development of enterprise Security assessment tools and policy and procedures
  • Performs vulnerability assessments as assigned utilizing I.T. Security tools and methodologies. Summarizes risk posture across the Health System or within specific business units
  • Identifies opportunities to reduce risk within the Health System, detects and remediates vulnerabilities and ensures compliance and audit readiness
  • Makes recommendations for corrective action and documents management decisions regarding acceptance or mitigation of risk scenarios
  • Facilitates and monitors performance and compliance of risk remediation tasks. Reports on findings
  • Liaises with Health System's partners and vendors regarding the security maintenance of their systems and applications
  • Participates in the development of 'security awareness' education and training, as necessary
  • Experience with threat intelligence highly preferred
  • Shell scripting experience highly preferred
  • Vulnerability scanning experience highly preferred
  • High School Diploma or equivalent, required and minimum of eight (8) years progressively responsible information technology risk management experience, required
42

Spclst IT Risk Mgmt Resume Examples & Samples

  • Experience with governance policies and procedures highly preferred
  • Risk or Audit compliance highly preferred
  • Strong writing and presentation skills highly preferred
43

Avp-it Risk Assessment & Arch Resume Examples & Samples

  • Own the security roadmap by working with security product owners and delivery leaders to develop multi-year plans that align capabilities with risks and threats
  • Develop executive presentations on information security
  • Coordinate key security touch points comprised of senior executives, track action items, and maintain presentation material
  • Bring groups together to share information and resources and create better decisions, policies and practices
  • 5 – 8 years or more of enterprise level information security program management role Requires good interpersonal skills, ability to function in a fast paced, short-deadline environment, and the ability to come up with innovative cost-effective decisions
  • Ability to communicate effectively with all levels of the organization’s workforce, while maintaining appropriate confidentiality
  • Possess excellent writing and communication skills to effectively develop policies, and procedures, reports and documentation
  • Ability to work individually, as part of a team and matrix-manage other staff depending on the initiative
  • Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)
44

VP-it Risk Assessment & Arch Resume Examples & Samples

  • The senior analyst must analyze information security systems/applications; make recommendations and develop security measures to protect information against unauthorized modification or loss
  • The senior analyst will work with the various development teams to implement application security practices that meet Moody’s defined policies and standards for information security
  • The senior analyst will serve as subject matter expert for best practices and security controls for application security and will work with the various development teams to implement controls that are appropriate for Moody’s information security
  • Efforts will include
  • Performing functional requirement reviews and technical design reviews
  • Identifying application security requirements for projects
  • Managing the application vulnerability assessment process and tools (SAST and DAST) focused on client-server, web, and mobile applications
  • Identifying, communicating, and driving the resolution of vulnerabilities
  • Providing reports to development management and business management on the status of vulnerability remediation for their applications
  • Serving as a subject matter expert for security in application projects
  • Developing and updating security patterns aligned with security requirements
  • Coordinating and collaborating with server infrastructure engineering, network infrastructure engineering, business application development, and database administration functions to ensure confidentiality, integrity, and availability of corporate infrastructure meets business demands
  • Performing other security-related projects that may be assigned according to skills
  • Bachelor’s degree in a technical or business discipline
  • 4-6 years or more of experience, primarily in information security, application development, architecture or a related field, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives
  • Experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) tools, and enterprise architecture tools
  • Deep understanding of OWASP Top 10 and SANS Top 25 vulnerabilities
  • Strong experience with data visualization concepts and tools
  • Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting purposes; some development experience is preferable
  • Experience with Veracode (or other SAST/DAST tools), Jira, ServiceNow, and Splunk is preferable
  • CISSP, GIAC, CISA, CISM, TOGAF certifications preferable
  • Ability to work individually and as part of a team
45

IT Risk Services Manager Resume Examples & Samples

  • Provide high-quality client service
  • Exhibit good communication skills, verbal and written
  • Ability to document your work in a detailed fashion through use of electronic work papers and manage others
  • Enjoy working at a fast pace and meeting deadlines
  • Ability to identify risks and controls
  • Provide clients with practical solutions to their issues
  • Exhibit discipline and organizational skills to accomplish assigned responsibilities within specified timeframes and within identified budget constraints
  • Manage engagement performance
  • Develop client relationships
  • Proficient at MS word and excel
  • Ability and willingness to travel to serve clients should be expected
  • Bachelor’s degree required; Preferred: MIS, Accounting or related field
  • Minimum of 5+ years of SOC or IT Audit Experience required
  • Required: CPA, CISA or CISSP certifcations
  • Experience in public accounting firm testing IT Controls over Financial Reporting, SSAE 16/SOC 1 and SOC 2, SOX or internal audit in a public company and/or regulated industry highly preferred
  • Experience managing people and multiple engagements highly preferred
46

Manager, IT Risk Resume Examples & Samples

  • 3+ years experience in information systems, preferably within a governance, risk, compliance role
  • BA or BS Management Information Systems, Computer Science, or Engineering
  • Obtained or demonstrates an active pursuit of one or more of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or other related certification. Project Management Professional (PMP) is a plus
47

Mgr, IT, Risk Assessments Resume Examples & Samples

  • IT Technical Risk Assurance: Assessing the enterprise against IT threats and risks through governance, compliance, identification, and validation. This includes
  • Performing IT Technical Risk Assessments
  • Performing detailed assessments around
  • Technical Privacy
  • Disaster Recovery
  • Infrastructure
  • Emerging technologies
  • Secure systems development
  • Technical Vendor Management
  • Compliance with Industry and IT Regulations
  • Providing technical audit resources to support IT Governance Assessments
  • Security Assurance: Assurance over the general activities and concerns of Charter security function including: governance, policy, control design, general operational effectiveness and internal controls. This includes
  • As part of an integrated model with Advisory the providing of Internal Audit, Third Party Assurance, External Audit support around an organizations IT Security
  • Security Governance and Compliance with various frameworks
  • Security Risk Assessment
  • Infrastructure Assessments
  • Attack and Penetration
  • Architecture and Technology Security Assessments
  • Emerging Technologies
  • IT Technical Audits
  • Internal/External Audits
  • Audit Technology Risk Assessments
  • Technical resources to support IT Internal Audit outsourcing , co-sourcing, staff augmentation
  • Provide technical assurance skills around IT and Security as listed on the left
  • Third Party Assurance
  • Technical audit of vendor SAS 70, AT101, SysTrust, WebTrust,
  • Demonstrates proven success in a role that emphasizes a thorough knowledge of technical aspects of the following areas: IT Audits, IT Risk Management, Information Security and/or Technical Privacy. Demonstrates thorough technical and operational Information Security knowledge, and/or standard industry practices relating to the areas of Information Security & Technical Privacy, in order to assist Charter with the assessment and improvement of its security infrastructure
  • Demonstrates thorough knowledge of performing IT Risk & Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards to define the security controls and processes that are appropriate for the Charter
  • Demonstrates thorough experience as an auditor or Information Security analyst in a professional services firm or large enterprise, which includes
  • Interfacing with internal external customers on control solutions
  • Leading the planning and execution of projects in the following areas: Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and / or IT Risk Management
  • Demonstrates thorough abilities with the utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing
  • Demonstrates thorough abilities with performing the following as it relates to Information Security strategy, organization, policy and Governance: information security, IT audits, risk assessments, network and application penetration testing and security assessments, intrusion detection, vulnerability/risk validation, and secure application development
  • Demonstrates thorough abilities to identify and address business sponsor needs: actively participating in business sponsor discussions and meetings; communicating a broad range of services; managing engagements including preparing concise, accurate documents and balancing project economics management with the occurrence of unanticipated issues
  • 6 years of experience in IT Risk Management and/or IT Internal Audit including experience in Information Security & Technical Privacy
48

Assoc Spclst IT Risk Mgmt Resume Examples & Samples

  • Collaborates with IT Security management on proposed enhancements to enterprise security assessment tools, policies and procedures
  • Supports vulnerability assessments utilizing IT Security tools and methodologies. Summarizes risk posture across the Health System or within specific business units
  • Works with management to identify opportunities to reduce risk within the Health System including detection and remediation of vulnerabilities, compliance with regulatory requirements and audit readiness
  • Makes recommendations for corrective actions and documents management decisions regarding acceptance or mitigation of risk scenarios
  • Facilitates and monitors performance and compliance of risk remediation tasks. Reports on findings and status of corrective action plans
  • Liaises with Health System’s partners and vendors regarding the security maintenance of their systems and applications
  • Creates and presents changes related to risk mitigation to Change Authorization Board, as needed
  • Provides weekly status on project status, including outstanding issues
  • Participates in the development of ‘security awareness’ education and training, as necessary
  • Performs related duties, as required
  • Bachelor’s Degree in Information Security, Audit or related field, required, AND a minimum of two (2) years progressively responsible experience in Information Systems, required
49

IT Risk Management Resume Examples & Samples

  • Contract through May 2018
  • W2 basis only- No sponsorship
  • Cary, NC
50

Manager, IT Risk Assessment Resume Examples & Samples

  • Identify risks which might occur
  • Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
  • Continuously evaluate communication security, data vulnerability, business continuity, and compliance risks
  • Identify vulnerabilities or weaknesses in systems
  • Examine employee compliance with security controls and deficiencies
  • Evaluate security policy, processes and procedures for completeness
  • Ensure that controls are adequate to protect sensitive information systems
  • Clearly document and define risks and potential impacts of an event and identify systems affected by the defined risk
  • Assist in identifying breaches in security or tracking the source of an unauthorized intrusion
  • Identify defensive steps to take, including necessary firewalls, security software and data encryption
  • Work with the COM ITS to ensure that infrastructure and applications patching and remediation be done
  • Communicate recommended business continuity preparations and controls, including deficiencies, to business units
  • Recommend improvements in network security, identity management and logging
  • Bachelor’s degree in Information Technology or a related area AND three years of information technology experience which may include systems administration, network systems administration, applications design/development which would include a minimum of two years information security specific experience; OR, seven years of progressive information technology experience which may include systems administration, network systems administration, applications design/development which would include a minimum of two years information security specific experience; OR, any equivalent combination of experience, training and/or education
  • Management expertise in determining and recommending actions and affecting change across the College, providing a clear understanding and the information necessary for departments and individuals to carry out their responsibilities for information security risk management
  • Security specific certification such as CISSP, various GIAC (such as GCED, GPPA), or CISM
  • In-depth experience addressing the technical controls of at least one of the following: PCI-DSS, HIPAA, GLBA, FERPA, NIST 800-171
  • Experience leading complex security-related projects
  • Experience working in an academic medicine, research, or patient care organization
51

VP-it Risk Assessment & Arch Resume Examples & Samples

  • Provide security architecture designs and security consulting services for enterprise IT projects that cross multiple platforms and ensure alignment with Moody’s security architecture
  • Conduct security assessments and manage remediation activities for in-house developed applications – must have a strong understanding of secure-coding standards and practices. Be able to evaluate of vendor developed code and security designs and determine if there are vulnerabilities in the delivered solutions
  • Act as a liaison to Moody’s Enterprise Architecture Group, ensuring security designs is incorporate architecture best practices such as TOGAF and SABSA frameworks
  • Work directly with product and development managers to track and remediate application vulnerabilities
  • Represent Information Risk on organizational project teams and ensure adherence to existing security policies ,standards, and identified reference architectures
  • Support the creation of and adherence to Cyber-Security and Information Security Reference Architectures by developing reusable patterns for security
  • Represent Security Architecture at both the Moody’s Software Development Life Cycle forum and Product Development Life Cycle reviews
  • Evaluate security concerns with new and emerging technologies with particular focus on Cloud, SaaS, and PaaS; knowledge of MS Azure / AWS is a plus
  • Own the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders
  • Minimum of 10 years of experience in the IT industry, with significant portion of the time spent in security architecture or engineering roles
  • Ability to articulate the business risk associated with identified security weaknesses
  • Knowledge of the software development methodologies, including waterfall, agile, and DevOps
  • Strong knowledge of regulatory standards that govern Information Security practices within the Financial Industry such as SOX, PCI, and state and federal privacy laws
  • Knowledge of Identity and Access Management (IAM) technologies such as Identity Management platforms, Active Directory, Authentication/Authorization protocols, Provisioning, and Single Sign On technologies
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background
  • Strong presentation skills involving large and of varying IT background audiences
52

VP-it Risk Assessment & Arch Resume Examples & Samples

  • Own the security roadmap by working with security technology owners and delivery leaders to develop multi-year plans that align capabilities with risks and threats
  • Develop executive presentations on information risk and security
  • Work with security project teams to ensure that project deliverables are aligned with the security roadmap, control program and risk management process
  • Stay abreast of information security issues and regulatory changes affecting public companies. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position
  • 10– 14 years or more of enterprise level information security program management role Requires good interpersonal skills, ability to function in a fast paced, short-deadline environment, and the ability to come up with innovative cost-effective decisions
  • Subject matter expert that is able to speak with authority about the current security technology landscape and has direct experience with two or more of the following domains: Identity Management, Security Monitoring, Incident Response, Network Security, Public Cloud, API Management, Security Frameworks (e.g. NIST)
53

Manager IT Risk Management Resume Examples & Samples

  • Collaborate with various IT departments and control owners to understand, assess and address operational risks and exposures through a risk and control self-assessment process
  • Maintain the 2015 COSO Framework mapping documentation and gap assessment and follow-up on remediation if necessary
  • Monitor SOX related IT controls as well as overseeing change management for work processes
  • Identify and recommend changes to improve efficiency as well as process for IT key controls and process flow
  • Conduct an analysis of internal policies, guidelines, procedures and processes to evaluate the accuracy and adequacy of internal controls, operations, and reporting. Included within this responsibility is the facilitation of the Sox/404 process
  • Identify and mitigate areas of risk which might arise from inadequate or failed internal processes or systems
  • Team with internal and external audit to review the results of SOX testing and work with line-of-business owners to resolve deficiencies and further refine/define controls
  • Assist with procedures to monitor those risks and related drivers using key risk indicators. Make recommendations to address and mitigate identified risks
  • Execute the operational risk and control self-assessment process and measurement program utilizing risk control tools and key risk indicators including all core products, activities, processes and systems
  • Provide direction and support to the IT Controls Owners for the design, collection, analysis and reporting of operational risk data
  • Update and maintain the SOX control database; oversee the execution of control testing, review test work papers for quality and act as SOX SME for process
  • Participate with other Risk Management teams (compliance, credit, market risk) to identify current and emerging risk exposures and develop appropriate risk mitigation strategies
  • Support other responsibilities of the Operational Risk Department
  • BA/BS degree preferred with a strong academic record
  • At least 8+ years’ experience with an emphasis on evaluation of internal controls or operational risk in one or more of the following areas: IT Processes and General Controls, operational/enterprise risk management, audit, accounting, Sarbanes Oxley compliance
54

Director, IT Risk Management Infrastructure Resume Examples & Samples

  • Establish a partnership with the first line business leaders and teams in Technology Infrastructure to identify, assess and actively manage risk across that function in accordance with the E*TRADE’s Enterprise Risk Management program provide effective challenge
  • Actively manage risk according to oversight and regulatory requirements including governance, metrics, RCSA ongoing oversight, coaching and Quality Reviews, application risk assessments and infrastructure technology assessments
  • Provide ongoing oversight & guidance to the first line to identify, document, track and mitigate risks and technology incidents according to established Issues Management and Risk Acceptance processes identified in the ORM Policy and within the risk system of record. Help to define action plans to track gaps/needs across the technology organization
  • Become the point of contact and the second line owner during regulatory exams of IT risk and other exams affecting Technology Infrastructure, when necessary
  • Participate in Technology Governance as required
  • Complete risk assessments, determine mitigating controls, conduct closing meetings, document thorough IT Risk reports, and identify/track the corrective action through Management Action Plans (MAPs) as required
  • Develop an ongoing partnership with other second line risk leaders of the Technology organization
55

Director, IT Risk Management Resume Examples & Samples

  • Establish a partnership with the first line business leaders and teams in InfoSec to identify, document, assess, and actively manage risk across that function in accordance with the E*TRADE’s Enterprise Risk Management program provide effective challenge
  • Actively manage risk according to oversight and regulatory requirements including governance, metrics, RCSA ongoing oversight, coaching and Quality Reviews, and application risk assessments
  • Provide ongoing oversight & guidance to the first line to identify, document, track and mitigate risks and technology incidents in accordance with the established Issues Management and Risk Acceptance processes identified in the ORM Policy and within the risk system of record. Help to define action plans to track gaps/needs across the InfoSec organization
  • Become the point of contact and the second line owner during regulatory exams of IT risk and other exams affecting InfoSec, when necessary
  • Provide reporting, metrics, risk appetite statement updates and testing as needed
  • Good understanding of security protocols and authentication schemes
  • Experience with DLP and cyber security tools and methods. Knowledge of security controls for handling of Personally Identifiable Information (PII) data
  • Familiarity with network security architecture and firewall technology
  • Prior experience in IT Risk Management, Privacy Impact Analysis, or IT Audit Methodology strongly desired
  • Knowledge of regulations and security compliance requirements affecting financial institutions
  • Excellent organizational, written, presentation and verbal skills