Cloud Risk Management -locals

Cloud Risk Management Subject Matter Expert opportunity- Hybrid

3 Months Temp to Hire

Locations: Texas, Florida, New Jersey, New York or Boston

• Must have solid AWS or Azure experience can come from a banking environment
  
  

Summary

The primary responsibility is supporting the Chief Information Risk Officer in providing risk oversight of the control environment in the First Line of Business (this role sits in the 2nd Line of Defense). The project is focused on implementing a cloud-based digital bank across the enterprise impacting technology and business operations.

The role will be part of a dedicated team and execute against Information Risk Management strategy and conduct independent risk assessments/review and challenge on technology, fraud, payments, and third-party projects/processes/controls for a new digital bank platform being deployed both on-prem and in the AWS cloud. This role is expected to be able to lead assessments, identify and assess risks, document findings and opinions, and report and escalate as necessary to executive management or corporate risk partners. This role will need to work in close partnership with all lines of internal risk management peers including other first line of defense teams, corporate risk functions and internal audit. This role requires a combination of financial services (ideally US banking) risk management and cloud technology experience and expertise.

Responsbilities

• Day to day responsibilities in your IRM role will include:
• Identifying risks and requirements related to regulations and policies.
• Mapping risks and requirements to product functionality and processes
• Reviewing configuration, controls and mitigation activities against risks
• Assessing testing designs and approach and review test result output
• Preparing materials for risk and compliance governance meeting review and signoff
• General IRM responsibilities include:
• Manage delivery timelines and develop materials to ensure IRM independent opinion appropriately represented during committee meetings, external exams and internal audits.
• Ensure all activities and deliverables achieve their timeliness, quality and accuracy service levels.
• Help keep CIRO informed on status of program execution and emerging risks.
• Ensures a sound operational and compliance control environment through establishment of a system of internal controls.
• Continuously monitor sources of risk within LOB KRIs, KPIs, QC functions, control testing, losses, fraud, incidents, and industry events. Identify control and policy/procedure updates.
• Drive, track and report on issue identification and remediation.
• Support process for constructive engagement with the Second and Third Lines of Defense regarding differences or conflicts in operational risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute.
  

Required Skills

• Education: bachelor’s degree or equivalent work experience in Accounting, Business, Statistics, Risk Management, Information Systems/Security, Finance, Economics or equivalent field.
• 5+ years of Technology Risk Management, GRC, or Audit experience
• Practical experience using industry frameworks such as COBIT, ITIL, NIST 800-53, CSA-CCM v4, Fed Ramp, CIS Benchmarks, to identify, assess, mitigate, and report information and operational risk.
• Minimum 2+ yrs. of Cloud experience (adoption, implementation) in AWS, Azure, (AWS preferable).
• Experience working directly in one or more of these Cloud domains - Solutions Architect, DevOps, SysOps, or Data Engineering – is highly desirable. Should have working knowledge of services such as (or equivalent to) AWS EC2, API Gateway, CodeCommit, CodePipeline, Lambda, S3, RDS, VPC, ELB, Route53, Auto-Scaling, IAM through AWS Console, and CloudFormation.
• Fundamental understanding of Cloud architectures, controls and risks from hands-on practical experience is a must.
• AWS-Certified Cloud Practitioner foundational certification (or equivalent for other Cloud platforms), higher certification levels a strong plus.
• Risk Certification preferred (i.e., CRISC, CISM, CISA, etc.)
• Demonstrated knowledge of operating in a regulated entity, preferably a bank
• Drive results and meet deadlines to reduce risks in a fast-paced environment with minimal supervision.
• Analyze highly complex business issues and produce results, opinions and recommendations that are conveyed in an easy-to-understand manner.
• Strong ability to lead, partner, and influence across all leadership levels.
• Excellent communication skills, including an ability to influence stakeholders across the organization, to speak effectively in small and large-group settings, and to write clearly in internal memos, presentations and e-mails.
• Strong attention to detail in a fast-paced work environment.
• Fully accountable for timeliness, completeness, quality of projects, processes, products and services
• Remains calm and focused on goals while facing pressures, obstacles or short-term setbacks.
• Keeps up to date with external market events, pressures and regulations which may impact the organization and assesses whether similar issues exist in the organization.
• Monitors adherence to policies, regulations, processes and procedures within function and actively undertakes corrective action where necessary.
• Understands end to end processes across the organization and how processes are integrated.