Support planning and execution of ORM IT & Information Security (IS) risk oversight testing projects across all areas of CT&A under the direction of the ORM IT&IS Team Lead
Evaluate technology control testing in accordance with regulatory standards, internal firm policies, and industry best practices
Partner with the ORM IT & IS Team Lead and CT&A stakeholders to create a review work plan based on annual risk assessment findings
Assess IT and Information Security operational risks, identify root causes, implement remediation plans, and escalate critical issues or exceptions to senior management for review and follow-up
Support the preparation of reports to senior management detailing review findings and recommendations
Report periodically on major activities completed and planned for the upcoming period
Ensure all findings and recommendations are recorded in CT&A’s issue tracker, and follow up on open issues to ensure proper resolution
Develop and maintain strong relationships with key stakeholders, including the Technology Testing Team, CT&A (e.g., business testing teams), Compliance, AFC, Business Divisional Control Officers, the Technology, Data and Innovation Group (TDI), and Group Audit

Requirements

Bachelor’s degree in computer science, Mathematics, Engineering, or a related field, or equivalent deep expertise in information security
Professional certifications such as CISA, CISSP, CISM, or CRISC
Familiarity with ITIL 4, COBIT5, or ISO 27001 is a plus
Experience in project or process/quality management, with solid knowledge of auditing IT application controls (e.g., through IT audits or IT risk management)
Deep understanding of how IT and Information Security risks relate to business process risks, especially in regulated financial institutions
Hands-on technical experience in IT operations plus expertise in at least one area: cybersecurity, infrastructure, SDLC, cloud engineering, or similar
Familiarity with ITIL 4, COBIT5, or ISO 27001 is a plus

Benefits

A diverse and inclusive environment that embraces change, innovation, and collaboration
A hybrid working model, allowing for in-office / work from home flexibility
Generous vacation, personal and volunteer days
Employee Resource Groups support an inclusive workplace for everyone and promote community engagement
Competitive compensation packages including health and wellbeing benefits, retirement savings plans, parental leave, and family building benefits
Educational resources, matching gift and volunteer programs

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IT risk managementauditing IT application controlscybersecurityinfrastructureSDLCcloud engineeringtechnology control testingremediation plansregulatory standardsinternal firm policies

Soft Skills

relationship buildingcommunicationreportingproblem-solvingstakeholder managementorganizational skillscollaborationcritical thinkingattention to detailescalation

Certifications

CISACISSPCISMCRISC