Audit/Risk Analyst

Candidate profile details:

• Degree/Certifications Required: Anything related to Risk, technology …
• Years of experience: 5-7yrs
• Reason for request/why opened: Support team on BAU
• Interaction with Stakeholders: 50%
• Project Scope: BAU / Governance
• Team Size: 2 ppl
• Selling Points of Position: Working within a leading FI organization

Background:

• Ideally FI but large organization is strong asset working in technology risk projects

Must have:

• Regulatory and Risk exp
• Audit project exp
• General risk technology exp

Nice to have:

• Provide leadership for the provision of technical expertise in development and support of activities, processes, procedures and tools for protecting information security with a focus on application security. Research, design and implement application security solutions and practices. Direct testing of security plans. Lead the evaluation of new and proposed security systems and technologies. SKILLS: Knowledge of IT standards and procedures. Knowledge of process and tools for assuring adherence to standards. Thorough knowledge of existing and planned infrastructure security platforms and architecture components.

Overall Risk Management:

• Maintain a strong understanding of current business and technology risks, emerging risks, and regulatory landscape.
• Operate as a centralized risk mitigation and remediation intake manager to build a consolidated view of all mitigation and remediation programs for the platforms in scope, and provide TCO (Technology Control Office) leader, other RMP (Risk Marketplace) partners, as the platform leadership teams with the insight necessary to prioritize numerous competing risk mitigation and remediation initiatives.
• Work with the TCO lead, various risk partners and TS segment leadership to ensure effective mobilization of teams involved in risk mitigation or remediation programs and activities.
• Oversee & monitor the execution of risk remediation/mitigation and enterprise initiatives to meet risk reduction targets, and as needed escalate or help resolve challenges in remediation programs.
• Coordinate with the relevant TCO or BISO subject matter experts to oversee and facilitate the resolution of multiple technology risk matters such as overdue access removals, admin access, infrastructure security or application security issues, etc.
• Provide P&T/TS teams senior leadership transparency on portfolio of risk remediation programs and initiatives, and audit finding resolution programs.
• Facilitate the development of remediation strategies, engagement of risk partners, SMEs and development of sound risk remediation programs and approaches.

Risk & Control Examinations:

• Oversight and coordination of multiple control examinations (project and IT audits, SOX audits – in coordination with the SOX specialists, regulatory examinations, compliance assessments, etc.) to ensure audits and reviews are planned adequately and completed on time.
• Holistic understanding of the portfolio of findings, including audit, regulatory, compliance, gap assessment, self-identified findings, and understanding of the progress towards remediations to ensure challenges and remediation risks are understood, communicated, and addressed by the finding owners.
• Work with finding owners to help them develop adequate responses and remediation plans, ensure identified control gaps will be properly mitigated and/or adequate remediation plans will be developed.
• Work with finding owners to ensure findings are closed and pass the various finding resolution review stages, such as PTACC and audit finding closure process.
• Ensure adequate representation in various committees such as PTACC or Quarterly Audit Updates, TS/Platforms risk management meetings.

Job Details

Job ID: 13180
Contract: 12 months
Location: Toronto