The Senior Risk Manager drives the risk management function primarily for the Application Development pillar of the client Systems organization. The Risk Manager coordinates and conducts IT risk and vulnerability assessments and supports the design and implementation of controls to address findings. This position is responsible for supporting and offering insight to IT and the Business into the risk identification, assessment, mitigation and reporting activities that help reduce operational IT risk.
location: Boston, Massachusetts
job type: Contract
salary: $55 - 65 per hour
work hours: 9am to 5pm
- Identify and assist in the management of IT Application Development risk issues.
- Conduct and assist in IT Risk assessments for the Application Development pillar as they relate to current and emerging technology (e.g. Robotic Process Automation (RPA), AI / Machine Learning (ML), Data Transformation), in accordance with IT Risk Program methodology.
- Perform proactive Control Assurance to ensure effectiveness of existing controls that relate to Application Development, and the creation of new controls to address new and emerging risks across IT.
- Participate in IT third-party vulnerability assessments for the Application Development pillar.
- Identify, assess, mitigate and report on new and thematic findings from IT risk assessments.
- Assist in the development and implementation of new IT risk initiatives, including policies, processes and awareness programs.
- Represent Systems Risk during all phases of Software Development Life Cycle (SDLC) in responding to identified risks and ensure remediation or compensating controls are implemented.
- Partner, collaborate and support other control functions, e.g. Internal Audit, Compliance, Enterprise Risk Management as necessary, to support business objectives and the risk reduction initiatives across the Firm.
- Participate in risk remediation projects across technology with high inherent risks, to establish controls and mitigate the residual risk to an acceptable level.
qualifications: Risk Analysis & Measurement
- Provide quantitative and qualitative information to support the prioritization of tactical and strategic risk mitigation projects.
- Collaborate with Control Owners on the design, development and measurement of controls that support business objectives and mitigate risk.
- Facilitate Application Development adherence to System-wide policies that enhance and protect Confidentiality, Integrity and Availability of client Data.
- Recommend enhancements to risk analysis tools.
- Provide functional and analytical support of Governance, Risk Management & Compliance (GRC) tools and applicable repositories.
- Bachelor's degree in systems or related discipline or specialized training required.
- 8+ years of relevant IT work experience, which may include supporting Application Development (Traditional SDLC and Agile methodologies), Information Security, IT Enterprise Architecture, IT Vendor Assessment, Production Assurance and/or IT Governance, Risk and Compliance areas.
- 3+ years' experience in the financial services industry
- Strong interpersonal and relationship management skills, with a demonstrated ability to work in a changing Application Development environment and to produce results even though the ask can often be ambiguous.
- Demonstrates ability to operate and influence decisions across multiple management levels
- Experience with IT risk and threat assessment methodologies.
- Knowledge of Cyber security protocols and industry best practices
- Knowledge of operating platforms, database and sub-system platforms and products.
- Knowledge of IT Vendor Due Diligence practices
- Basic knowledge of IT regulatory and compliance requirements.
- Experience with standard desktop tools, including Microsoft Office.
- Ability to weigh business needs against risk concerns and articulate issues to management.
- Ability to handle multiple priorities, while meeting deadlines.
- Strong problem solving, organizational and project management skills.
- Strong written and verbal communication skills.
- Preferably holds one or more of the following or equivalent certifications: CISSP, CISM, CISA, CIA, CRISC, CGEIT, CIAC, ISO.
- Experience with industry standard GRC Tools
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.