Support and enhance the organization’s technology risk management, audit coordination, and IT control framework
Coordinate audit preparation activities—including scheduling, evidence collection, and stakeholder communication—for internal audits and regulatory examinations (e.g., FDIC, SOX, SOC, and other technology-focused reviews)
Serve as the primary liaison between Internal Audit, IT, and Compliance teams to ensure timely and accurate responses to audit inquiries
Oversee and track remediation activities; validate completion and effectiveness of corrective actions for technology-related audit findings
Conduct comprehensive Technology Risk Assessments, identifying inherent and residual risks across infrastructure, applications, security, and cloud environments
Evaluate the design and operating effectiveness of technology controls, including IT General Controls (ITGCs), logical access, change management, operations, and security controls
Perform independent control testing to verify compliance with policies, standards, and regulatory requirements
Advise IT leadership on control gaps, deficiencies, risks, and recommended remediation strategies
Provide risk insights for new initiatives, technology implementations, cloud migrations, and major IT projects
Support enhancements to the IT risk management framework, control library, and GRC tooling
Monitor emerging technology risks and collaborate with stakeholders to develop mitigating controls
Contribute to the development and maintenance of IT policies, standards, and procedures.

Requirements

Bachelor's degree in information technology, Cybersecurity, Risk Management, or related field (or equivalent experience)
5-10+ years of experience in IT risk, audit, information security, or technology governance
Strong knowledge of IT controls frameworks (e.g., COBIT, NIST, ISO 27001) and regulatory requirements (SOX, FFIEC, SOC, etc.)
Experience working with audit functions and responding to regulatory reviews
Ability to analyze control gaps and articulate risks clearly to technical and non-technical stakeholders
Preferred: Professional certifications such as CISA, CRISC, CISSP, CIA, or similar.
Experience with GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream)
Familiarity with cloud technologies (AWS, Azure, GCP) and related risk assessments
Prior first line Technology experience.

Benefits

Medical, Dental, and Vision (plus much more)
401(k) Plan with Company Match
Short- & Long-Term Disability
Wellness Programs
Group Life and AD&D Insurance
Paid Vacation, Sick Days and bank Holidays
Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IT risk managementaudit coordinationtechnology risk assessmentsIT controls frameworkscontrol testingremediation strategiescloud risk assessmentstechnology governancecompliance verificationrisk analysis

Soft Skills

stakeholder communicationanalytical skillsarticulation of riskscollaborationadvisory skills

Certifications

CISACRISCCISSPCIA