IT Risk & Controls Manager permanent position at Detroit, MI
MITRESOURCE
Posted: March 16, 2015
Job Description
Maganti IT Resources LLC
Title: IT Risk & Controls Manager
Location: Detroit, MI
Type: Permanent
Job description:
Our world-class IT organization supports an information technology driven business. We deliver industry-leading IT solutions to the “Best Online Bank” (Money Magazine, 2011 and 2012) and the leading Auto Finance Company. IT oversees critical functions that enable the day-to-day operations of the entire enterprise.
Responsibilities include interpreting and responding to IT Open Control Matters and risk issues for the assigned business unit or global function; training and supporting IT Managers so that a common understanding is in place to meet compliance standards and resolve issues; and supporting IT programs in line with business, regulatory, and auditor expectations. The role coordinates activities with internal and external auditors and coordinates IT Management efforts in the collection and reporting of risk metrics.
Risk and Control activities include:
• Enhance the IT control framework and help the IT organization integrate management of operational risk into their processes and practices
• Educate and train IT members in practices of risk and controls management
• Convey applicable legal and regulatory IT requirements for inclusion in standards and controls
• Develop and communicate controls required for use in SOX, project development and vendor acquisition
• Assist process owners in defining operational controls specific to their areas of responsibility
• Review existing and proposed controls for effectiveness and opportunities for improvement
• Provide guidance to management in self-assessing their own control environments
• Support organizations within IT to comply with audits, regulatory exams, assessments, and testing programs
Assist IT personnel by:
• Interpreting and explaining requests from auditors, examiners, assessors, and testers
• Assisting auditees in determining the appropriate evidence needed to respond to requests
• Reviewing evidence provided by auditees to assure its appropriateness, accuracy, and completeness
• Discussing potential issues with auditors and auditees to help determine whether a finding is truly an issue
• Coaching auditees on the development of proper action plans to address issues
• Reviewing plans to assess the effectiveness of proposed remediation and the appropriateness of the timeline
Assist auditors and assessors by:
• Providing input on risks and open issues related to the areas to be examined
• Assisting auditors in obtaining evidence by escalating, as needed
• Consulting on potential issues
Monitor and manage project and vendor risks:
• Advise project team members on appropriate steps to identify and mitigate project risks
• Identify controls required in the project design and the steps to be taken to verify those controls
For high-risk projects:
• Review risks and risk mitigation plans prior to each tollgate
• Advise on controls to be included and steps needed to test controls
• Escalate concerns with unmitigated risks prior to go-live for projects involving application acquisition
• Assist the project team in obtaining and reviewing SSAE 16 or similar documentation to determine the effectiveness of vendor controls
• Provide guidance on any additional control evaluation needed beyond SSAE 16
Proactively manage open control matters:
• Track status of open control matters reported in the Risk Convergence Report (audit, regulatory, SOX, PCI, risk and compliance assessments, self-identified)
• Obtain status updates from action plan owners at least monthly
• Provide the status of open issues to IT leadership, as well as to the second and third lines of defense (LoDs)
• Assist management in remediating and closing issues on time, helping to collect appropriate evidence and document the request for closure, as needed
• Validate completeness of remediation efforts to maximize acceptance for closing, and minimize reopening of issues
The IT Risk & Controls Manager reports to the Risk and Compliance Director.
Required qualification:
• 5-15 years of Risk & Control experience in the banking industry
• Proficiency with Risk Management Practices
• Strong IT audit experience
• Strong Risk assessment experience
• Knowledge of ITIL processes
• Familiarity with COBIT Information Security
• Familiarity with Sarbanes-Oxley compliance
• Experience at a financial holding company (FHC)
• Experience with ISO 2700x and PCI DSS Information Security
• Familiarity with GLBA, EU Data Protection Directive, and other relevant laws and regulations
• Knowledge and experience in performing assessments aligned with FFIEC work programs
A plus:
• Industry designation (e.g., CRISC, CISA, CISSP, CISM)
• Strong written and oral communications skills including the ability to create organized and articulate summaries of risk assessment findings/points of view that are easily understood by teammates, LOBs, etc.
• Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues
• Familiarity with Federal Financial Institutions Examination Council (FFIEC) guidance and work plans
• Ability to work effectively as a member of a cross-functional team
• Knowledge of IT infrastructure and security
• Proficiency in Microsoft Office Applications
• Analytical and problem solving skills
• Self-motivation and direction
• Detail orientation
• Good organizational skills, ability to establish priorities
• Ability to multi-task, handle competing priorities and follow through on all open items/tasks
• Ability to travel up to 25%
• BS/BA or equivalent experience required
If you are not available, please pass this position along to colleagues or associates who are looking for a new role.
For further details contact me at
chaitanya (at) mitresource (dot) com
Thank you for your time.