Previous Job
Risk Advisor – Technology
Ref No.: 17-22825
Location: Reston, Virginia, Virginia

The Governance Analyst III is responsible for leveraging expert level knowledge of the business, complex processes, and regulations in support of the effective implementation of the organization's governance, risk, and compliance programs. May recommend or implement procedures or business processes that are compliant with legal and regulatory directives and corporate mandates.

  • Utilizes broad expertise and specialized knowledge to lead and execute project management assignments related to policy and procedure development, compliance testing, process analyses, gap identification, and remediation.
  • Develops and manages the implementation of operational and governance requirement for key control activities to ensure compliance with regulatory, legal, corporate, and business unit policies and procedures.
  • Develops procedures and business processes that meet corporate standards and instruct business personnel in their use. Track compliance, evaluate results, and present best practice solutions to any issues that are identified.
  • Evaluates new policies and procedures for operational and control impacts and governance, risk and compliance standards. May develop risk and operational reporting.
  • Conducts risk and operational reviews and prepares analyses for complex projects often requiring an understanding of financial and market metrics. May present findings to Senior Management.
  • Lead ad hoc projects and develop and implement corporate wide or business unit governance, risk, or compliance programs and initiatives.

  • Bachelor's Degree or equivalent required

  • 4+ years of related experience
  • Experience in executing technology risk assessments and demonstrating strong knowledge and industry best practices/frameworks (COBIT 5, ISO 27002, NIST, CSF etc.) relating to IT processes and controls such as technical resiliency/business continuity, capacity management, asset and inventory management, incident/problem management, configuration/change management, as well as technology platforms and controls (UNIX, Oracle, Windows, network devices, tools, LDAP/AD, DBMS, and cloud related infrastructure services such as AWS etc.).
  • Demonstrated work experience in the use of security principles; risk assessment policies and standards; information security best practices, products and technologies; and network technologies.
  • Experience in executing control design assessments, identifying key risks, controls and gaps, and process efficiencies while delivering comprehensive documentation of the process and controls in narrative form, supporting flow diagram, and mapping of risks and controls.
  • Experience in assessing effectiveness of key controls through varied approaches including inspection and analytics.
  • Ability to apply critical thinking and analytical skills to help management manage risk and solve problems (e.g., analyzing root cause of issues, impact to technology and required corrective actions) and assist Internal Controls Tech Managers / Directors in redesigning business processes and/or developing solutions for business partners.
  • Experience and proven success in project management and executing multiple concurrent assignments.
  • 2+ years of prior experience in related risk and control disciplines (e.g., Risk Management, Internal/External Audit, etc.). Big 4 assurance or advisory experience is a plus.
  • Solid foundation and knowledge/experience in areas of Information Technology and/or Risk Management. CISA, CISM, CISSP certification, or other technical certifications (MCSE, GIAC/GSEC/GCUX, Security+, etc) desirable.
  • Mortgage Banking and/or previous Client-specific experience is a plus.
  • Strong experience in MS Word, Excel, PowerPoint, Access, and Project. Experience with collaboration tools such as MS SharePoint and GRC systems such as BWise or MetricStream desired but not mandatory.

As a condition of employment with Client, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation.

Client is an Equal Opportunity Employer.
Employee Status:
Job Type:
More Information About the Job
Is Relocation Available?
Is there a bonus structure?
Are you open to sponsorship?
This position is:
New Position
Is there a possibility to work remote?
Is there equity?
Are there flexible work hours?
Does this position have direct reports?
Who does this position report to?
This person reports to Deborah Walker - Internal Controls Technology Manager
What are the 3-4 non-negotiable requirements on this position?
We're targeting a salary between 115-125k They need to understand Unix or windows system engineering. They need to be technical enough to find issues in a unix console and come up with a mitigation strategy.
What are the nice-to-have skills?
Nice if they have an interest in risk and controls. It would be great to find like a Unix security engineer that wants to expand his career into risk and controls.
What is exciting about this opportunity? Please use this section to describe team and company culture.
This is a growing space in Client and it has a high growth ceiling.