DevSecOps - Business Line Control Manager

About The Position

Requirements

• Bachelor's degree, or equivalent work experience
• Five or more years of experience with the processes, tools and techniques for assessing and controlling an organization's exposure to risk
• Two or more years of experience with a total Information Technology (IT) environment

Nice To Haves

• Analytical Skills- analyze data, identify potential risks, and interpret complex regulations.
• Attention to Detail- reviewing documents, identifying discrepancies, and ensuring compliance controls are completed thoroughly
• Communication Skills- conveying requirements to various stakeholders, including management, employees, and supply chain partners
• Problem-Solving- develop strategies to mitigate identified risks and address compliance issues and gaps.
• Regulatory and Compliance Framework Knowledge - Staying updated on relevant laws, regulations and compliance frameworks such as PCI, FISMA, and NIST
• Organizational Skills - must be organized to manage multiple projects, track information, and maintain records.
• Technical Skills - Proficiency in relevant software, including Archer compliance management systems and data analysis tools like Tableau, PowerBI and Excel.
• Risk Management - Understanding and assessing risks, as well as developing mitigation strategies
• Multitasking
• Time Management
• Research Skills - research regulations, policies, and industry best practices.
• Data Analysis - Analyzing data to identify trends, patterns, and potential risks
• Collaboration - Working effectively with teams and stakeholders
• Diplomacy - Handling sensitive compliance issues with tact and professionalism

Responsibilities

• Provides risk management support to line of business by identifying, documenting, and implementing consistent processes for monitoring controls to mitigate risk.
• Promotes general awareness of risk management policies and issues and coordinates efforts to foster awareness and understanding of key risk management concepts within the business line network.
• Works with business line management to help ensure the implementation of key risk management practices and procedures in the normal course of business operations.
• Ensures that controls used to mitigate business risks are properly designed, executed, and documented.
• Serves as a consult to ensure facilitation/oversight and response to inquiry/examination.
• Maintain an inventory of privileged accounts with access to “high value client” data
• Coordinate and document data sharing approvals with “high value client” relationship owners
• Oversee and consult on security impacts associated with product and system changes
• Participate as SME in collaborative cybersecurity incident management for products and systems where “high value client” data is processed and stored. This includes review of cybersecurity logging dashboards and reports.
• Participate as SME and review control validation in reciprocal third-party security assessments, including annual PCI assessments, with “high value clients”
• Analyze security gaps, consult with stakeholders, and develop strategies to protect data and systems.

Benefits

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law