Job Information
TEKsystems Sr. Technology Risk Engineer in Hicksville, New York
Positions Open in Troy, MI or Near Long Island, NY NO C2C
Description:
Position Title
Sr. Technology Risk Engineer
Job Summary
The Sr Technology Risk Engineer is responsible for the delivery of the program
elements of all first line of defense risk activities directly or indirectly impacting
Information Technology and Information Security. The Sr
Information Technology Risk Engineer will leverage experience in business and
technical acumen environment to execute the technical program activities in the
areas of audit, technology, compliance, risk management and security. The
position will be responsible for delivery of an Information Technology Risk
program with clear, defined operational policy, standards and procedures
related to Information Technology and Security..
Job Responsibilities:
Design/execute specific Information Technology and Security risk program elements to
mitigate enterprise IT and security risks throughout the Bank. Be a role model to more
junior members of the team.
•
Design/engineer/execute the implementation of the components of the Information
Technology Risk Program to include external compliance, internal audit, security, vendor
management, operational risk, quality assurance and quality controls for technology and
information security.
•
Design/engineer/execute internal and external compliance technology audits and
regulatory exams, representing Information Technology throughout the lifecycle of the
audit. (planning through remediation strategy)
•
Execute the first line of defense Risk Management functions for IT meeting the Enterprise
Risk Management (ERM) program elements, processes and compliance requirements.
Execute the Risk Controls Self-Assessment process for Information Technology and
Information Security.
•
Execute Awareness and Training for Risk Program elements to enhance awareness and
training appropriate for the company's needs to ensure that risk responsibilities are understood
and carried out throughout the enterprise.
•
Design and execute implementation of Governance, Risk, and Control frameworks and
systems based on recognized best practices such as COBIT, ISO, NIST, GLBA, SOX,
FFIEC, etc.
•
Ensures compliance with applicable federal, state and local laws and regulations.
Completes all required compliance training. Maintains knowledge of and adhere to
internal compliance policies and procedures. Takes responsibility to keep up to
date with changing regulations and policies.
Job Requirements:
• High School Diploma, GED, or foreign equivalent required.
• Bachelor's Degree in a related field is strongly desired.
Certified Information Systems Security Professional (CISSP), Certified Information Security
Manager, (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and
Information Systems Control (CRISC) preferred.
•
4+ years of experience working in technology audit, Information Security, or Information Technology required.
• 3+ years of SOX IT control execution or testing or IT auditing experience or IT risk.
• Three years of Information Security or IT experience.
Demonstrated experience in Risk and Control Self Assessments, Audits, or exams for
technology or information security.
•
Demonstrated ability to audit general IT controls including related infrastructure (Active
Directory), operating systems (UNIX, Linux, Windows), databases (Oracle DB and MS SQL
DB), and applications (Oracle, PeopleSoft, Salesforce, etc.).
•
Design and perform root cause analysis, control gap assessments, and process
improvement projects using technical and problem solving and critical thinking skills to
quickly identify internal control deficiencies, evaluate their risk implications, and draw the
appropriate conclusions.
•
Understand Industry standard frameworks for technology, such as COBIT, ISO, NIST,
SANS, and others to design Governance, Risk and Control frameworks, and systems for
technology and information security.
•
Design and develop internal control documentation including narratives, process and data
flows, and other supporting work papers.
•
Moderate to in-depth understanding of business environment and risks associated with the
financial services industry, IT environments, and information dataflow.
•
Understand IT audit principles and audit procedures, and determining and evaluating the
severity of potential issues identified during testing, and to provide guidance to more junior
team members.
•
Understand IT organization business processes and systems (IT Security, data
management, architectural and planning, technology life cycle management, regulatory
concerns).
•
• Participate in multiple projects concurrently, works under pressure well.
Strong verbal and written communication skills with comfort around presenting new ideas
and presentations to senior management.
•
• Demonstrated track record of meeting time commitments.
• Demonstrated track record of working effectively across functional and organizational lines.
• Demonstrated knowledge of risk management tools.
• Ability to work in teams, and/or as an individual contributor
Skills:
sox audit, soc1, soc2, it audit
Top Skills Details:
sox audit,soc1,soc2,it audit
Additional Skills & Qualifications:
RCSA experience would be nice but not required
Financial Service Experience
Experience Level:
Intermediate Level
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.