|Reference # : |19-13526|
|Title : |Compliance and Risk Management Analyst|
|Position Type : |Full Time/Contract|
|Experience Level : ||
|Start Date / End Date : |12/09/2019 / 06/30/2020|

Description

Our client, an international financial institution based in NW Washington, DC, has a position available for a Compliance and Risk Management Analyst:
Compliance and Risk Management Analyst
The incumbent will be expected to support the risk manager in all aspects of the risk management program. The responsibilities of the position include the development, implementation, and application of risk metrics and methodologies, as well as the monitoring, analysis, and reporting of financial risk exposures. The incumbent will be expected to support organizational compliance with risk policies through regular risk exposure monitoring and reporting. The incumbent will be responsible for documenting and reporting risk policy exceptions to the risk committee. The incumbent will be expected to ensure that all policies and procedures are implemented and well documented, performing occasional internal reviews and identifying compliance problems that call for formal attention. The incumbent will also be expected to develop risk management strategies to avoid non-compliance and file compliance reports with regulatory bodies.
Essential Job Functions:
- Enterprise risk management (conduct risk assessments based on risk management methodology)
- Comply with information security audits, such as Internal Audit Department information security audits, external financial audits on Internal Controls for Financial Reporting (ICFR), and ISO 27001 certification audits
- Follow up with stakeholders to make sure recommended controls have been implemented and provide advice, as needed
- Coordinate with the ISO technical team for spot audits to validate implementation of ISMS and ICFR controls
- Accredit the type of information captured in system logs and security event rules in the log management system
- Accredit the configuration of intrusion detection, scanning, and server configuration tools
- Monitor and periodically report on the effectiveness and efficiency of ISMS and ICFR controls (KRIs and KPIs)
- Review and update information security policies and technical standards including OS, database, network, and applications
Educational Qualifications and Experience:
- Education: Bachelor's degree in Accounting, Business, or related field
- Role Specific Experience: 2+ years of relevant experience
- Work experience with enterprise risk management methodologies and tools
- Experience with the financial sector
- Experience with the Sarbanes-Oxley Act and General Computer Controls, especially information security controls
- Experience with IT systems and processes
- Experience with information security audit guidelines (e.g. IIA guidelines, AS2), including technology-based audit approaches
- Experience with logical access controls
- Experience with IT services management and use of maturity and process improvement models (e.g. ISO 20000, SEI-CMM) and their integration with information security standards (e.g. ISO 27001/17799)
- Experience with IT systems supporting and feeding into the log management process (ArcSight, ISS, ESM, Real Secure, Snort, McAfee VirusScan, EPO, CSA, IronPort)
- Certified Information Systems Auditor certification (CISA) and Certified Information Systems Security Professional (CISSP) certification
- Knowledge of banking or financial systems (e.g. SAP, PeopleSoft, LARS, SUMMIT)
- Knowledge of security controls for network, database, application, and operating systems
- Knowledge of configuration, change, and release management in relation to development and maintenance of systems and infrastructure
- Good knowledge of the use of control frameworks (e.g. ISO 27001/17799 and COBIT)
- Knowledge of best practices and standards for monitoring and reporting information security performance (e.g. key risk and performance indicators, NIST/PRISMA maturity levels)
- Knowledge of privacy and operational risk frameworks/acts (e.g. HIPAA, GLBA, Basel II)
- Good technical understanding of IT operating systems, databases, and network environments (UNIX, Windows, Oracle, Sybase, Cisco network infrastructure)
- Familiar with major external auditing firms' SOX control framework
Experience Matrix for Levels:
- Level I - 2+ years of experience
- Level II - 5+ years of experience
- Level III - 7+ years of experience
*Benefits are available only to W2 contractors.
*This is not a remote-based position.
*In-person interview is required.
*Open to C2C - Approved Vendors Only
This position is structured as a long-term, renewable contract.
NTT DATA Services is a leading IT services provider and global innovation partner with 300,000 professionals based in over 50 countries. NTT DATA recently acquired Dell Services. NTT DATA Services emphasizes long-term commitment and combines global reach and local intimacy to provide premier professional services, including consulting, application services, business process, IT outsourcing, and cloud-based solutions. We are a part of NTT Group, one of the world's largest technology services companies, generating more than $100 billion in annual revenues and partner to 80% of the Fortune 100. Visit www.nttdataservices.com to learn how our consultants, projects, managed services, and outsourcing engagements deliver value for a wide range of businesses and government agencies.
The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law. To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.