Full-time | Contract
Wolcott, NY
Job description
Position Title: Manager, IT Risk & Auditing
1. Job Summary
· The position will be responsible for managing Cybersecurity and IT Risk Control based on US regulatory requirement and head office policies and standards. This individual will be an integral part of Information Technology Group to provide management with the transparency of the state of cybersecurity and IT risk practices across US branches with the aim to strengthen the control environment and communication
· Develop, implement, and maintain IT risk management processes, controls and local procedures which supports the enterprise-wide risk management framework, through risk identification, risk measurement, risk mitigation, and risk monitoring & reporting.
· Adopt Head Office Information Security Policy and oversees related testing and monitoring of controls for compliance with regulatory requirements
2. ACCOUNTABILITIES
· Responsible to develop and maintain all IT and Cybersecurity local procedures for branches based on US regulatory requirement and Head Office Policies & Standards include but not limited to Information Security Policy and Cyber Security Strategy, associated standards and guidance pertaining.
· Development of Business Continuity, Incident Response Strategy and plans,
· Identify strengths and weaknesses in the Information Security Program as they relate to privacy, security, business resiliency and compliance frameworks to detect, prevent and react to current and emerging information security threats Prepare for IT related risk assessments and gap analysis against internal controls and regulatory requirements
· Updating IT management of any new regulatory requirements, and/or any newly identified IT risk on regular basis
· Working with Head Office Risk Control & Governance, Operational Risk Management, and Compliance staff on implementing enhancement of risk management initiatives.
· Advise on and challenge control matters as needed
· Respond to incidents including suspected cybersecurity incidents according to incident response plan and playbooks
· Oversight of KRI reporting and review indicators healthiness and , provide regular update to US IT Committee and relevant oversight committee in Head Office.
· Support and assist with branch audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication and ownership.
· Participate in IT governance related meetings and articular IT risk control issues to ITG management and branch management
· Coordinate internal and external parties to conduct security assessment (such as Red/Blue/Purple team and penetration test) based on regulatory requirement.
· Based on head office requirements to organize security awareness education program and necessary trainings for US branches to promote the security cultures.
· Ad-hoc task or projects assigned by IT management and head office related to Information Security.
3. EDUCATION, EXPERIENCE & QUALIFICATION
1.Must be familiar with the FFIEC IT Examination Manual" requires a strong understanding of information technology (IT) practices within the financial services industry, as defined by the Federal Financial Institutions Examination Council (FFIEC).
2. Education Qualification
· Bachelor degree holder in Information Technology or related discipline.
3. Working Experiences
· At least 5 years' experience in Information Security or technology risk management.
· At least 3 years’ experience in technology vendor management.
4. Professional Qualification / Professional Examination / License
· Diplomas or Certifications in information security/data governance preferred
· Certified in CISSP, CISA, CISM or other recognized certificate is preferred
Job Types: Full-time, Contract
Pay: $85,000.00 - $130,000.00 per year
Benefits:
Schedule:
Application Question(s):
Experience:
Ability to Commute:
Work Location: In person
