Description |
Business Aligned Infrastructure (BAI) is directly aligned with the Corporate Technology Risk and Business Services (CTRBS) lines of business for end-to-end Infrastructure service delivery. The BAI team delivers customized solutions that address the unique technology drivers of the CTRBS lines of business while ensuring that centralized products and services are leveraged for their economies of scale. BAI is the primary interface between the Application Development teams and Global Technology Infrastructure (GTI). BAI Service Management Risk Management (SMRM) under CTRBS is responsible for identifying, assessing and managing risk as it relates to information security/privacy, technology and resiliency. The Information, Technology & Resiliency Risk Lead works as part of this team, identifying new threats and trends, advising on tactical and strategic direction, contributing towards a strong governance framework, coordinating firm wide risk mitigation projects, engaging with industry contacts, monitoring regulatory developments and providing information to senior management, auditors and regulators. As a Risk Initiatives Lead, you will manage key relationships with Risk Officers, internal/external Audit, regulators and industry forums. This is an important aspect of the role as the Risk Lead operates under a federated engagement model, working in close partnership with Lines of Business (LOB VMC's) and Corporate Functions to ensure that the firm meets its legal and regulatory requirements, as well as keeping in touch with local industry trends and developments. In this position, you will be responsible to:Work as part of a federated team to continually enhance the firm wide risk management program Lead or participate in firm wide risk control initiatives to ensure successful and consistent implementation Continually monitor and assess the adequacy of the information, technology and resiliency risk controls and formulate strategic plans to address inherent and emerging risks Perform ad hoc vulnerability assessment/investigation to identify control gaps, their impacts to business, and work in a federated team to formulate remediation plan and lead implementation activities Participate in regional governance forums Identify, assess, and recommend new security technology for controls enhancement Build and maintain strong business, vendor, peer firm and external regulatory relationships Provide subject matter expertise in security technology and knowledge of current industry trends to improve controls across the firm
|
Requirements |
* 10 years experience in IT operation/management with at least 5 years in a technology risk management role
* Experience in IT auditing or security controls assessment in infrastructure technology and IT operation processes
* Ability to create and implement strategy within the technical disciplines of resiliency, information and technology risk management
* Track record of implementing successful risk or technology management solutions
* Stakeholder engagement skills, including ability to influence senior levels of management and LOB
* Experience in matrixed/global organization
* Knowledge of CSA, SOX, ESM, & Resiliency Processes
* Excellent communication skills
* Knowledge of risk management frameworks
* Broad knowledge of information security technologies
* Strong knowledge of IT operation and processes
* Knowledge of system development methodologies and practices
* Knowledge of investment banking products and services
* Project management skills
* Detailed understanding of regulatory and firm wide control issues
* Knowledge of Resiliency Risk Management, BAI's, BCP's and testing
* CISSP and/or CISM qualifications are a plus
* Bi-lingual in both Spanish and English. Fluent English, both written and verbal communications, is required
|
|
