- Perform reviews of third-party controls assessments and analyze the results, and provide an overall assessment of controls risk for our organization.
- Work to assess Complementary User Entity Controls (CEUCs) and how they apply to controls already executed in the IT organization and if additional controls or procedures need to be developed.
- Execute IT control testing to provide management confidence in the operational effectiveness of IT controls.
- Assist management in the design of robust controls balancing the need for efficiency versus the requirement of control with a keen understanding of how to incorporate automation in this balance.
- Assist in the determination of gaps in design or controls exist and providing recommendations for remediation and implementation of mitigating controls.
- Collaborate with first line in development of action plans to assess the adequacy of action taken by management to remediate open items.
- Support compliance/audit activities as assigned in relation to Sarbanes Oxley (SOX), IT Control Framework, Service Operation Control audits, manage internal/external audit engagements and third-party business reviews.
- Support control assessments first time and ongoing (Process, Application, and Infrastructure)
- Assist in the development and implementation of goals, policies, priorities, procedures relating to internal controls.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Assess, define, and execute on control optimization.
- Support the key stakeholders throughout IT control framework and control consultant.
- Engage and collaborate with second line to demonstrate the design and operating effectiveness of controls.
Elvárások:
Qualifications and Skills:
- Bachelor’s degree or equivalent knowledge in risk management and controls.
- 5-7 plus years of experience working with internal controls, audit, or risk management within the financial services industry.
- Excellent communication skills in writing and communication information in a clear, concise manner.
- Proven analytical, critical thinking and problem-solving skills
Preferred Qualifications:
- CISA, CISSP, CISM, or CIA recommended.
- Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
- Knowledge of Audit Assurance Framework requirements.
- Financial services experience.
- Experience with GRC solutions.
- Knowledge of public cloud providers (AWS, Azure, etc.).
- Big 4 public accounting experience working with controls within the Sarbanes Oxley environment.
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- Skill in creating policies that reflect control requirements.
Egyéb információ az állásról:
With key markets in the Netherlands, the UK, and the US, as well as growth markets in China, Brazil, and Iberia, our international partner supports one of the largest financial services groups, by offering IT, finance, risk, model validation, actuarial, audit, and asset management services with the purpose of helping their customers to live their best lives.
A diverse workforce and an inclusive culture are fostered by our partner. They value diversity as a whole, including but not limited to, racial, gender, and ability diversity as well as diversity in language, culture, beliefs, age, origin, background, perspectives, and experiences.
This Senior Risk and Compliance Analyst position is part of the ICC Controls Team and will primarily perform comprehensive assessments of third-party SOC 2 type 2 controls reports to determine impact of the results of testing of third-party controls on our organization. They will also execute controls testing of the management, operational and technical controls to determine overall effectiveness of controls.
This position is focused on global delivery providing centralized services and supporting global program build-out.