Director, Technology Risk

About The Position

Requirements

• Bachelor’s degree in Computer Science, Engineering, Information Technology, Information Systems, or a closely related field (or foreign education equivalent) and six (6) years of experience as a Director, Technology Risk (or closely related occupation) evaluating Information Produced by the Entity (IPE) in a financial auditing environment, using IT general controls, IT application controls, and IT dependent manual controls.
• Master’s degree in Computer Science, Engineering, Information Technology, Information Systems, or a closely related field (or foreign education equivalent) and four (4) years of experience as a Director, Technology Risk (or closely related occupation) evaluating Information Produced by the Entity (IPE) in a financial auditing environment, using IT general controls, IT application controls, and IT dependent manual controls.
• Demonstrated Expertise (“DE”) executing risk assessment audits of large-scale IT systems (including Enterprise Resource Planning (ERP) systems, cybersecurity, and Cloud computing systems); and developing reports and presentations for senior management with recommended mediation and corrective actions, using Archer to mitigate security and financial risk.
• DE performing IT risk assessments and audits to ensure compliance with General Data Protection Regulation (GDPR), SOX 404, and Accounting Standard 606 regulatory requirements; and drafting reports for senior executives on audit results and corrective actions (Security Policy, Access Control, and Change Controls), using access management tools (Access Hub and SailPoint), configuration management tools (ServiceNow), and data analytic tools (PowerBI and Alteryx).
• DE performing application audits, vendor system assessments, and pre and post system implementation assessments according to auditing software development methodologies -- Agile, Scrum, Scaled Agile Framework, and DevOps; and performing technology audits using industry frameworks -- Payment Card Industry (PCI), Control Objectives for Information and Related Technologies (COBIT), National Institute of Standards and Technology (NIST), and ISO 27001.
• DE performing information security audits of data, programs, and source code, using Audit Command Language (ACL) data analytics tool within UNIX/Linux, Windows, and Relational Database Management Systems (Oracle, Sybase and SQL Server) environments.

Responsibilities

• Supports the development, enhancement, and implementation of Governance, Risk, and Compliance (GRC) tools.
• Develops and maintains risk and control assurance methodologies, policies and control frameworks, and risk register in GRC platform tools.
• Executes and manages certifications in relation to information security standards for the Information Security Management System (ISMS).
• Coordinates and manages the activities of a cross-functional governance forum for the oversight and management of key deliverables for the ISMS.
• Maintains the centralized controls inventory and manages the periodic controls verification/certification process with Control Owners.
• Performs controls normalization to develop a standard set of controls across audits and programs.
• Designs and implements ongoing risk and controls trainings to Control Owners and Managers.
• Provides support for the management of annual enterprise audits.
• Oversees internal and external audit engagements.
• Oversees the IT controls program and identifies control deficiencies and workarounds.
• Supports the development and integration of a centralized platform for risk and controls management.
• Designs, develops, and maintains processes for modules and functionalities.
• Diagnoses, troubleshoots, and resolves hardware, software, or other network and system problems.
• Replaces defective components when necessary.