Associate – Technology & Cyber Risk Management RCSA Validation

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field.
• Overall professional experience of 5+ years or more in in Technology Risk Management, Cybersecurity Risk, IT Audit, or Operational Risk within financial services.
• Demonstrated hands-on experience in testing and validating technology and cyber controls within the RCSA framework.
• Strong knowledge of ICT risk domains (e.g., cybersecurity, system availability, change management, data integrity, third-party risk).
• Experience within a highly regulated environment such as the financial services industry
• Experience performing process assurance activities
• Strong knowledge of IT and cybersecurity risks, including IT general controls, identity and access management, network security, cloud, and application security.
• Familiarity with industry frameworks and standards such as NIST, ISO 27001, COBIT, ITIL, CIS Controls.
• Understanding of regulatory expectations related to technology and cyber risk (e.g., OCC, FFIEC, PRA, EBA, DORA).
• Structured, detail-oriented, and analytical, with the ability to balance execution and coordination.
• Strong communication and stakeholder engagement skills, capable of interfacing with both technical and non-technical teams.
• Proactive and organized, able to manage competing priorities in a fast-paced environment.
• Strong risk, process, and control validation and/or assessment skills.
• Advanced knowledge of technical risk management best practices and how to implement them.
• A team player who can coordinate and drive consensus among different teams and stakeholders having varying view points
• Ability to convey a sense of urgency and drive issues/projects to closure.

Nice To Haves

• Master's Degree in related disciplines.
• Professional certifications are strongly desirable: CISA, CRISC, CISSP, CISM, CCAK, or PMP.
• Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
• Experience in Microsoft Office products.

Responsibilities

• Perform independent validation and challenge of Technology and Cyber RCSA assessments completed by the First Line of Defense (FLOD), ensuring completeness, accuracy, and adherence to Risk Management policies and procedures.
• Review and challenge the Risk and Control Matrix (RCM) for technology and cyber domains, confirming that key risks (e.g., cybersecurity, data integrity, system availability, change management) are adequately identified and mitigated.
• Provide second line oversight of FLOD control testing programs by evaluating the adequacy of control design, evidence of operating effectiveness, and accuracy of control test results conducted by the FLOD.
• Challenge and validate risk and control ratings
• Partner with Risk Management team and other second line functions to ensure alignment between RCSA results, key metrics, and ICT risk appetite.
• Support development and continuous improvement of SLOD RCSA validation methodologies, templates, and tools tailored to technology risk and cyber controls.
• Provide periodic reporting to TRM leadership, governance committees on validation outcomes, control effectiveness.
• Contribute to awareness and training initiatives to strengthen the program.
• Ensure documentation of validation activities meets internal audit and regulatory expectations, supporting a robust control assurance framework.