Manager Technology Risk Office

About The Position

Requirements

• Experience in public accounting, consulting or internal audit.
• In depth knowledge of SOC 2
• Solid grasp of controls in a technology environment.
• People and/or team leadership experience.

Nice To Haves

• Strong presentation skills.
• Financial services experience - particularly Asset Management, Brokerage, Insurance and Annuities.
• Good level of knowledge and experience in Technology Infrastructure.
• CISA, CGEIT, CRISC

Responsibilities

• Provide strategic support to the Senior Manager by maintaining and strengthening relationships with Risk & Control Services (RCS)/Internal Audit and Technology Risk stakeholders across the enterprise technology organization, and by collaborating with RCS and other audit and compliance functions to ensure alignment of activities and deliverables with the Technology Risk Office operating model.
• Support end-to-end process of managing SOC 2 audits, ensuring compliance with industry standards and regulatory frameworks.
• Assist in managing Technology regulatory activities, including OCC and Federal Reserve exams, and compliance to NYDFS Cybersecurity regulations.
• Help drive risk management practices by supporting ORM’s five core minimum standards: Risk and Control Self-Assessment (RCSA), Risk Events (REV), Testing the Design and Effectiveness of key controls, Risk of Change (ROC) and Reporting to Governance Committees.
• Facilitate deployment and maintenance of Technology risk and controls model with assigned Technology teams using industry standard models (e.g., COBIT5, ITIL, NIST) and regulatory mentorship (FFIEC, FCA) as references.
• Be a 'go to' person for RCS, GCO and other technology risk partners when the Sr Manager is unavailable.
• Leverage the organization’s Technology Control Framework and comprehensive risk catalog to collectively help drive Technology performance while meeting other stakeholder needs.
• Support Technology teams to deploy, supervise and improve their critical functions in alignment with the model requirements.
• Communicate requirements to Technology teams and, supporting leaders in complying and soliciting areas for improvement
• Implement and support approach to drive Technology Risk Office functions, including detailed processes, risks and controls, and provide reporting of status.
• Build out current reporting to provide the CIO leadership team a view into current status of effort.
• Work with Risk & Control Services (RCS) and other audit and compliance functions to align work and deliverables with the Technology Risk Office operating model.
• Facilitate the inclusion of Technology Risk Office principles into awareness and training programs on topics such as performance management, quality management, risk management, compliance, etc.
• Provide technology operational risk domain expertise and engage Technology leaders and their business, risk, compliance and audit partners to further operationalize our technology risk framework.

Benefits

• We also have a competitive and comprehensive benefits program that supports all aspects of your health and well-being, including but not limited to vacation time, sick time, 401(k), and health, dental and life insurance.