Position Summary:
We are looking for a Technology Controls Office (TCO) Support Person who will be supporting the reporting and remediation of technology and cyber risk issues or control gaps as identified in collaboration with the enterprise stakeholders and ensure the remediation is in alignment with enterprise standards and solutions.
Responsibilities:
Strategic Support
· Support the process of gathering, analyzing and assessing cyber threat landscape and reporting of cyber risk posture
· Drive the TCO mandate for Technology to mitigate technology and cyber risk issues from audit and regulatory compliance perspectives
· Contribute to security oversight of IT system design and implementation to ensure all security controls and components are integrated according to Enterprise Architecture and industry standards
· Represent Technology in the development and enhancement of enterprise technology and cybersecurity control standards and processes
Operational Support
· Support Technology to ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to current and emerging cyber threats.
· Provide guidance to global and regional TCO teams in the development of technology and cyber risk reporting, monitoring key trends, and defining risk metrics to measure control effectiveness for Technology
· Work with Technology Asset Owners (TAOs) to assess and implement relevant technical controls to support and enforce enterprise technology and cybersecurity standards and policies
· Coordinate with enterprise stakeholders (Enterprise Protect, ITS, ORM, GSI, IT Audit, etc.) to enhance the controls and ensure they are compliance and in alignment with industry standards and regulatory requirements
Requirements
Requirement:
· Minimum 10 years of relevant industry experience in technology risk management (TRM), IT audit and/or cyber/information security functions at major financial institutions
· Deep knowledge and sound understanding in one or more areas of technology risk management principles, internal control concepts, cyber/information security controls, and industry frameworks
· Strong analytical skills to identify control weaknesses or root causes and recommend effective and pragmatic solutions to address risk and control issues
· Collaborative and engaging personality who can partner well with internal and external stakeholders
· Motivated and committed to drill down into risk and control issues with positive attitude
· Able to evaluate and communicate risk and control issues clearly
· Experience in handling audit and regulatory requests
· Strong leadership and communication skills
Certifications:
· Preferably CISA, CISM, CRISC or CISSP