6 month contract (extension or conversion possible)
Hybrid in San Francisco, CA (2 days onsite weekly)
Large client in banking industry
Job description:
This role supports the ITRC goal to ensure risk inherent to technology systems and data is managed to a level within the Bank’s risk appetite. The ITRC Analyst is responsible for monitoring, reporting, and executing risk management activities in areas such as technology deployments, vulnerability exposure assessments, third party access to non-public data, and information security used to protect against current or emerging threats to the Bank. Additionally, this role partners with key stakeholders to ensure compliance with the IS and IT frameworks.
Primary Responsibilities:
· Conduct readiness assessments, including reviews of relevant documentation in advance of audits, 2LOD assessments, and external assessments.
· Maintain the inventory of SOX IT General Controls (ITGC) and control tests in ServiceNow, updating as directed, and identifying opportunities for improvements in reporting and in using automation.
· Serve as liaison between control owners, internal auditors, and 2LOD assessors during audits and assessments, supporting control owners in the timely submission of artifacts.
· Ability to map key Information Security and Technology controls identified in policies, standards, and process documents to industry frameworks such as NIST CSF, NIST 800-53, CSA CCM, CIS v8.1, and regulatory requirements in FHFA Advisory Bulletins.
· Ability to identify and document technology processes.
· Manage the LogicGate Governance Library, ensuring Information Security and Technology documents align with approval and publication requirements, relying equally on automated reminders and active engagement with document owners.
· Maintain ITRC document archives in the ITRC shared repository.
· Report, at a recurring cadence, the status of open findings, observations, recommendations, and self-identified issues, and submit formal audit observation closure documentation.
· As directed by the ITRC MD, document and report the progress and value of in-flight ITRC initiatives, identified risks, and planned initiatives.
· Provide compliance review of requests for deviations from Information Security and Technology policies and standards, confirming compliance with Technology Exception requirements for components such as compensating controls, risk assessment, and documentation supporting exception request rationale.
· Participate as a key stakeholder in the Architecture Assessment Review process, documenting meeting decisions, tracking deliverable commitments, and ensuring next steps are completed for proposed new technologies or changes in existing technologies.
· Support ITRC team members as needed in conducting third-party security risk assessments for changes to existing third parties or proposed third party technologies.
Requirements:
Skills/Knowledge:
· Required Core Competencies: Customer Focus, Decision Quality, Ensures Accountability, Drives Results, Drives Engagement, Collaborates, Values Differences, Communicates Effectively with all levels of staff and management, Instills Trust
· 3 - 5 years of experience in technology risk or IT audit.
· Knowledge of and experience with technology frameworks is required, e.g., CIS v8.1, CSA CCM, CoBIT, NIST, ITIL.
· Knowledge of Operational Risk Management and Technology Risk Management.
· Demonstrated ability to promote teamwork, act as a change agent, effectively remove obstacles, maintain high level of morale and motivation, and lead by example.
· Familiarity with SOX ITGC.
· Must be proficient with Microsoft Office (Word, Excel, PowerPoint) and Microsoft SharePoint.
· Must have strong communication skills and be able to effectively communicate with all functional levels of the organization.
· Project management, planning, problem-solving, and organizational skills required, preferably using Atlassian JIRA.
· Strong analytical, issue identification, prioritization, resolution, and report writing skills required.
· Must be proactive and must be able to meet established deadlines.
· Experience with a Governance, Risk and Compliance (GRC) tool is highly desirable, preferably ServiceNow and LogicGate.
· Ability to learn to use the ProcessUnity/CyberGRX third-party risk management platform.
Criteria:
· 2 to 3 years' experience supporting operational and technology risk management activities for Information Security and Technology.