Information Technology Risk Management Officer - New York, United States - Pelham Berkeley Search

    Direct Hire
    Description
    High-profile mid-sized Asset Management firm seeks a Risk Management Officer to focus on IT/Information Security risk assessments.

    This is a direct hire full-time role with a company that offers competitive compensation (130-145K+ bonus) in addition to a phenomenal benefits package.

    In summary, within the Risk Management team you will focus on Risk Assessments of IT and Information Security applications and systems:
    • Create detailed scope documents containing reviews of IT processes and controls, including collection of evidence.
    • Analyze processes and controls evidence against requirements.
    • Consider and review existing self-identified issues and audit issues.
    • Conclude with an inherent risk rating and residual risk rating, document all analysis and evaluations throughout the process, create a results report, and finally ensure that new self-identified issues are opened if gaps are identified.
    • Complete an annual risk assessment, including sample control testing across the firm ensuring that:
    1. the risk assessments are focused on safeguarding customer information and identify reasonable and foreseeable internal and external threats, the likelihood and potential damage of those threats, and the sufficiency of policies, procedures, and the security of related customer information.
    2. the risk assessments identify internet-based systems and high-risk transactions that warrant additional authentication controls.

    Requirements include:
    • 5+ years of experience performing audits or risk assessments with strong IT risk assessment and/or audit experience.
    • Experience as an IT internal auditor preferred but extensive IT Controls Risk Assessment experience is also acceptable.
    • Extensive experience performing application and infrastructure layer control assessments.
    • Strong knowledge and understanding of systems architecture, infrastructure, security, and applications.
    • Ability to communicate IT risk assessment information to non-technical business leaders.
    • Excellent writing skills required.
    • Certified Information Systems Auditor (CISA) is preferred.
    • Completed Bachelor's degree required.