Cyber Assessment Program Technology Control Testing Specialist

September 16, 2024

Job Description

Level 2

Department Profile:
Technology works as a strategic partner with our business units and the world’s leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Our Company’s sizeable investment in technology results in cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients’ businesses and to our own. The Technology & Operations Risk (TOR) organization enables the Firm to manage its technology-related risks by implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TOR team partners with the business by ensuring that the Technology division understands how to manage, escalate and monitor risk.

Team Profile:
The Cyber Assessment Program is a 1LOD function focused on assessing our cyber security posture through the lens of the CRI Cyber Profile. This program partners with various stakeholders to ensure that objectives of the assessment are met.

Primary Responsibilities:
The role’s responsibilities include:
– Conduct risk assessment using CRI Cyber Profile
– Coordinate time-bound reviews with a number of stakeholders and escalate issues and concerns in a timely manner
– Establish timeline, coordinate working sessions, perform follow-ups, document findings, and collect evidence for controls
– Communicate and work with various levels of management to provide regular reporting on progress
– Build strong positive relationships with the Information Security / Risk community, Internal Audit, Operational Risk Department, and Risk Officers
– Deliver program-specific communications to stakeholders on risk and control related matters, e.g. technology and information security governance forums
– Prepare documentation of identified risks and issues for reporting in centralized issue / risk tracking applications.

Experience:
– Working knowledge of key Technology and Information Security concepts e.g. data classification, protection, policies, governance, privacy, security assessment tools
– Understanding of the CRI, FFIEC CAT, NIST and other relevant regulations and industry standards, including principles and key concepts related to risk assessment, controls and testing
– Engages in process-based thinking to effectively obtain, analyze and interpret information, identify root causes of problems, and draw the appropriate conclusions
– Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify and validate risk and controls
– Understanding of the relevant local technology risk regulations and the associated application to a financial services business

Desired Skills and Competencies:
– Excellent written and verbal communication skills
– Experience with the CRI Cyber Profile, FFIEC Cyber Assessment Tool, CSA CCM, etc.
– Good organizational skills; a high degree of attention to detail and ability to manage multiple priorities

Business/Product Knowledge:
– Familiarity and experience with electronic platforms is a strong plus, but is not required

Education, Background & Experience:
Required Education: Bachelor’s degree
A minimum of 3 years of relevant risk experience from roles in any of the following:
– Audit (internal or external)
– Risk Officer / Information Security Officer
– Technology Risk Governance
– Risk Assessment (e.g., RCSA)
