Responsible for IT Governance & Audit activity and plan for IT Department and company.
Create strategy and processes related to all areas of IT Governance, Audit and Risk Management.
Manage and fulfil management's expectations & requirements to support business growth and objectives.
Work effectively and efficiently with internal IT team and external party (e.g. vendors, consultant, suppliers) to ensure seamless support to management & users on IT matters which involves both software and hardware.
Provide strong central oversight to deliver consistency and quality in compliance work across the organization
Communication governance and compliance objectives to ensure an appropriate compliance and risk awake culture.
Proactively work with compliance, internal audit, and risk management functions as well as various technology teams and business partners in the design and implementation of IT risk assessment practices.
Evaluate general and specific training needs and perform such to support the control environment and associated control framework.
Direct IT functional teams in the development, implementation, monitoring, assessment, and reporting of control processes, documentation and risk activities.
Develop and maintain processes, policies, standards, processes and procedures to assess, oversee, escalate, remediate and report on IT risk issues.
Monitor on IT compliance, legislative and regulatory trends for impact and potential non-compliance/gaps.
Facilitate and assist in the preparation of audit and compliance-related reports, regulatory filings, and IT risk disclosures on behalf of IT management.
Qualifications
Minimum Bachelor Degree in Computer Science, Information Technology, Computer Engineering or its equivalent in related IT field.
Minimum 3 years of working experience in the related field is required.
Advanced business and IT processes, IT risk management, information security, and privacy experience required.
Financial services industry experience is required and International business exposure is a plus.
Detailed knowledge of industry regulatory environment (e.g., FINRA 3013, FINRA 342, SEC 17a-3, etc.) and applicable information protection related legislation (e.g. GLBA, SOXA 404, SB 1386, Basel, etc.)
Broad understanding of audit, control and security standards (e.g., AICPA, ISACA / COBIT, PCI, etc.)
Solid grasp of concepts on a wide array of technology platforms, controls (ex: ITIL) and IT processes (ex: SDLC)
