Previous Job
Previous
Sr. IT Internal Controls Analyst
Ref No.: 18-00072
Location: Manhattan, New York
Position Type:Direct Placement
Experience Level: 5 Years
Start Date: 12/01/2017
Sr. IT Controls Specialist  (3-8 years experience)
Location:  NYC
Salary: OPEN
Sponsorship is not available at this time.  Full time position
 
We are currently seeking a IT Compliance/Risk Analyst for a permanent opportunity with our direct client located in midtown Manhattan, NY
 
Musts:
~Strong Risk Management background
~Must have a working knowledge of CoBIT, COSO
~NIST Framework experience
~Experience working in technology related sector a plus.
 

Education—
Bachelor’s Degree in Information Systems, Computer Science or related field. Post graduate degree a plus or equivalent work experience.
CISA or relevant Certifications a plus but not necessarily required.


Skills—
  • Demonstrate knowledge of Information Technology general risks and controls and related internal and external audit best practices.
  • Demonstrate knowledge of current and emerging technologies and related risks.
  • Demonstrate knowledge of COSO and CoBIT Frameworks and other internal control methodologies.
  • Broad industry and technical awareness to identify technology opportunities and align these to the business needs.
  • Ability to understand complex technical systems and the business processes they support; synthesize the corresponding risks and controls and recommend adjustments.
  • Exceptional analytical and critical thinking skills and exhibit solid and innovative solutions.
  • Planning and organizational skills to successfully manage multiple projects concurrently by demonstrating flexibility in prioritizing and completing tasks.
  • Exhibit project management skills, including developing project plans, budgets, and deliverables schedules.
  • Strong written and oral communication skills.
  • Proficient in Microsoft Office Suite, Visio, and Access Database skills.
  • Ability to comfortably interact across all departments within an organization.
  • Ability to evaluate and remediate operational incidents that arise in the normal course of business.
  • Highly disciplined, able to work with limited supervision and make independent decisions.
  • Enthusiastic, self-motivated and willing to take personal responsibility.
 
Experience—
  • Must have 6+ years of technology risk management experience. This includes performing IT focused reviews of pre/post system implementations, operating systems, databases, data center, Cloud providers, disaster recovery, and general application computer controls.
  • Related work experience in an IT focused Audit or Risk Assurance function within a Public
  • Accounting Firm (financial industry focus a plus).
  • Experience working in the technology related sector a plus.
  • Develop and performed IT focused Risk Assessments.
  • SOX ITGC compliance experience required. Evaluated the design and operating effectiveness of ITGC controls.
  • Proficient in security concepts including cyber security, technology operations (i.e., client server, LAN, UNIX, Windows, DB2, Oracle, SQL, VMWare, cloud computing), and system development life cycle.
  • Development, execution, and review of control matrices, test plans, as well as the performance of controls optimization.
  • Created internal control documentation related to the identification of key control points with the use of narratives and process and data flows.
  • Identified internal control deficiencies, as well as efficiency and effectiveness opportunities, provided recommendations for improvement, and monitored remediation efforts.

     
Function:
  • Provides guidance to junior OR&C team staff.
  • Assist in the ongoing development and implementation of the FHLBNY’s Operational Risk & Compliance program
 
Essential Duties:
  • Perform technology focused risk assessments to determine if the IT environment is operating in line with governing regulations, contractual requirements, internal policies and procedures.
  • Provide advise on how to meet technology focused regulatory obligations and assess the impact of proposed regulations through the evaluation of regulatory developments as well as implementation of required controls.
  • Participate in projects and initiatives to bring a pro-active technology risk management focus by utilizing industry best practices.
  • Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of technology risk.
  • Work directly with appropriate business and technology functional areas to identify areas with potentially elevated risk and perform deep dive investigations into their corresponding inherent risks and mitigating controls.
  • Monitor for external events which may be relevant to technology scenario analysis.
  • Ability to understand complex technical systems and the business processes they support; synthesize the corresponding risks and controls and recommend adjustments.
  • Perform ITGC SOX and other internal control reviews to evaluate the design and operating effectiveness of related controls. This includes the development, execution, and review of control matrices & test plans, as well as the performance of controls optimization.
  • Perform ITGC walkthroughs with business units to create internal control documentation related to the identification of key control points with the use of narratives and process/data flows.
  • Investigate and evaluate operational incidents. This includes assessing the control breakdown and identifying opportunities for internal control improvement.
  • Identify internal control deficiencies, as well as efficiency and effectiveness opportunities, provide recommendations for improvement, and monitor remediation efforts.
  • Perform complex analysis of data to determine trends and potential emerging risks.
  • Assist in development of drafting reports and deliverables.
  • Assist in the preparation of annual regulatory examinations.
 
Other Duties:
  • Assist in the coordination of Bank-wide compliance training programs.
  • Assist in the coordination of the Bank’s Insurance programs.
  • Stay abreast of current business and industry trends relevant to business.
  • Plan, execute, and report on additional projects as assigned by the Compliance Officer.
  • Participate in monthly system wide compliance meetings.
  • Perform process analysis to identify weaknesses and suggest improvements.
  • Maintain departmental governance documentation.
  • Ability to provide comprehensive analysis and/or training on subject matter material.