IT Risk Advisory Principal(109824)
Role Value Proposition:
IT Risk Management is a global organization that plays an important role in partnering with the business, IT, operations, and audit to ensure that management anticipates, recognizes, and appropriately manages risks. The IT Risk Advisory Principal helps the IT Risk Management Team ensure technology and security risks are anticipated, recognized, and appropriately managed before they can adversely affect the company. Leads the development and execution of advisory and assurance projects in reviewing IT and business processes and control practices. The overall goal of such efforts is to help 1st and 2nd line management: understand their risks; adhere to company policy, standards and procedures; and make improvements as needed to manage risk. The position supports objective, transparent communication and reporting on key technology risks and issues facing the organization to key stakeholders such as IT leadership, Risk Management and senior leadership.
- Support IT Risk Management team by providing leadership and guidance to the team and others in the organization around understanding risk and effective controls. This responsibility includes the planning, scoping, assessment/testing, and reporting of observations as part of the IT Assurance function.
- Design, lead and participate in the IT Assurance plan through the execution (individually or as part of a team) of both process and technical assessments of 1st and 2nd line control activities with particular focus on key controls supporting Sarbanes-Oxley, SSAE18, SOC2 and other regulatory related processes.
- Provide Process and Control Owners with feedback on assessments of their processes and controls including recommendations to ensure risks are identified, understood and managed and lead special projects and assessments as needed to support the department’s efforts in providing management assurance that business and technology risks across the organization are being managed.
- Work with Global Technology & Operations leadership to build and maintain an effective and competent control environment and provide leadership in a manner that motivates, engages and develops individuals and teams to successfully execute plans in a quality manner, drives strong results, and maintains general compliance with the company’s goals and priorities.
- Network with and provide guidance, advice and support to local, regional, and global teams who provide IT risk services and serve as a lead client contact and maintain a positive ongoing working relationship with internal and external audit partners
- Enable IT Risk Management’s vision by providing leadership and oversight into the IT Risk Management team’s enhancement of risk acumen, critical thinking, and data analytics skills, and supporting the broader ITRM department’s objectives of maturing the discipline of IT risks and controls across the enterprise.
Essential Business Experience and Technical Skills:
- 8-10+ years IT audit/risk experience, public accounting, consulting and/or IT security experience.
- Proven track record of success as a technology audit/risk leader, both advising management on current and emerging IT risks, and leading/coaching junior team members on methodology, stakeholder management, and the more technical aspects of IT audit reviews.
- Strong competencies/body of knowledge of IT risk and IT operations, having led multiple assessments of an organization’s processes against leading IT risk frameworks and security standards/practices (e.g., COBIT, ISO 27001, NIST, PCI).
- Proficient capabilities in the areas of IT risk management, critical thinking, root cause analysis, and written/verbal communications.
- Bachelor’s degree preferred, preferably in Computer Science, Information Technology or Business, or equivalent experience and Certified as a CISA, CISM or CISSP designation.
- 1-3+ years Information Security, IT Risk Management, Network/Cybersecurity or equivalent IT Operations experience
- Possesses experience in IT, Information Security or IT Audit in large, complex organization