The ideal candidate will have the ability to think and act both strategically and tactically while ensuring that the corporation remains compliant with required security, technology, and financial standards, as well as industry best practices.
Responsibilities:
Support assurance program, engage with internal partners to help build control frameworks to ensure needs and expectations over services are met for various certifications (e.g., SOC2).
Engage with the auditors to test the control framework to ensure objectives are met and risk is managed effectively.
Execute control assessments of various operational and business areas to assess potential risks or control gaps.
Track remediation internally and externally through to resolution to help improve design and operational effectiveness of controls.
Report formally on the results of assurance/certification objectives, controls, and risk assessments.
Help develop and maintain reports, metrics and presentations of progress and results for meetings with customers and regulators.
Collaborate cross-functionally with other assurance programs (e.g. SOC2, ISAE 3402, ISAE3000, ISO27001, SOX and PCI DSS) to ensure alignment across the Technology Risk Management function.
Demonstrated ability to operate with independence and autonomy.
Experience with control frameworks or requirements (e.g., SOC2, ISAE3402/3000, ISO27001, and/or FedRAMP).
Bachelors degree or equivalent combination of education and experience / Bachelors degree in computer science, information technology or related field preferred.
Strong interpersonal, communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization.
Professional certification like CISSP/CISA/CRISC/CPA or similar, a plus.
Cloud (e.g., Azure, AWS, and GCP) certifications, a plus.
Contribute to work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds.
Familiarity with the financial services industry, payment processing industry, and/or technology industry, a plus.