Engineering -Analyst-Risk Governance

YOUR IMPACT

You will be a key addition to the Digital Risk Office Assurance team, which is primarily responsible for supporting the Engineering Monitoring & Testing program. As part of the first line of defense, the Engineering Monitoring & Testing program was established to independently evaluate the design and performance of key controls. We partner with engineering teams across the firm to help them understand what they can do to reduce and manage their risk and make their systems more resilient. 

HOW YOU WILL FULFILL YOUR POTENTIAL

Your responsibilities will include governance aspects of Controls Assurance programs, and issue management. You will work with all pillars within Technology Risk to understand the risks being identified and their potential impact. This will be an opportunity to build broad knowledge of the business and technologies across the entire firm and work with engineers at all levels in the organization. 

JOB RESPONSIBILITIES

• Partner with business units to perform control evaluation, monitoring and testing efforts of key internal controls to identify control gaps as well as opportunities for effectiveness and efficiency improvements. These assessments will include coverage for other regulatory programs including SOX and RCSA.
• Collaborate with cross functional teams and stakeholders to evaluate and validate the design, implementation, and performance of key engineering controls.
• Perform remediation testing to validate if the identified vulnerabilities have been successfully remediated, providing independent assurance that corrective measures have been implemented in a manner that prevents exploitation. 

BASIC QUALIFICATIONS & SKILLS

• Relevant bachelor’s degree (such as computer science, information technology, management information systems or related fields).
• 0-3 years experience in risk management, risk reporting, audits, control assessment and evaluation, governance, etc.
• Basic understanding of IT audit methodologies and control frameworks of IT platforms, processes, systems and controls, including areas such as logical access, physical security and change management controls at an infrastructure and application level.
• Familiarity with risk management framework, industry standards, financial industry regulatory requirements.
• Experience with any data analysis/visualization tool such as Excel, Tableau, Power BI, R, SQL, etc.
• Basic understanding of risk management principles or Sarbanes–Oxley Section 404, SOC 1 and SOC 2 reporting.
• Familiarity with general and cyber security related Information technology controls design and reviews.
• Ability to work effectively in a global team environment and drive results in a matrixed organization.
• Results oriented, strong sense of ownership and eagerness to learn.
• Strong sense of ownership and accountability.
• Clear communication skills, both verbally and in writing.

PREFERRED QUALIFICATIONS

• Understanding of information technology audit and control frameworks such as NIST COBIT and ITIL