Technology Risk Assessment Specialist, AVP

State Street UK

2018-10-17 04:51:52

Job location: London City, Greater London, United Kingdom

Job type: fulltime

Job industry: Banking & Financial Services

Job description

The Technology Business Controls organization is a risk-focused control and regulatory function that enables the Global Technology Services workforce and its partners to act as risk managers in order to protect the bank and ensure compliance with global regulations.
The Technology Business Controls organization is focusing on advancing the overall level of maturity with regard to understanding and mitigating risk in our environment. A major component of that is establishing and executing a formal Transformation Risk Assessment Methodology. This function will perform risk assessments on material change programs at design phase to assess potential inherent risks and drive risk reduction before they can materialize. As such, the Technology Business Controls organization is transforming the way risk is managed, both in the day-to-day activities of supporting the business of a large financial institution and in efforts to leverage technological innovation to transform how that business is conducted. Our mission is to drive risk identification and awareness in all areas of technology operations, ensuring that risk is effectively managed and that our business and technology leaders have all of the information necessary to make sound, risk-aware decisions. We have launched a multi-year program to improve the maturity level of risk management for IT, which includes the governance and execution of Transformation / Change Risk Assessments.


Key Responsibilities include:

  • Risk Initiative Lead: Drive execution of risk reduction initiatives across the spectrum of technology risk in the financial services industry, ensuring risk-reduction projects are delivering to the agreed time, cost, and quality, and continue to meet overall strategic objectives
  • Strategic Alignment: Ensure the projects within the program add value to State Street and contribute towards the strategic objectives
  • Assessment: Assess design of solution and coverage to qualify and quantify risk reduction with effective plans and correct priority of scope
  • Reporting: Promote transparency and open communication related to known risk by providing input to the Risk and Control Scorecards and Top Risk reports, and governance and quality assurance
  • Advice/Strategy: Leverage subject matter expertise and assessment results to advise risk and control owners and IT executives regarding risk management strategy and risk remediation activities
  • Culture: Drive a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities
  • Education/Training: Leverage expertise to provide relevant education and training to colleagues and stakeholders

Required Qualifications:

  • Bachelor's degree in risk management, a related field, or equivalent experience
  • Extensive experience in audit and risk assessment of technology and operational risks
  • Proven ability to lead and execute formal risk assessments at large, global financial institutions, from initial design through execution and closure (broader, complementary experience in other industries a plus)
  • Demonstrable experience in a broad array of risk assessment focus areas, including Operational Risk, Identity and Access Management, Data Privacy, IT General Controls, and Cyber Security
  • Practical experience evaluating/mapping controls to applicable regulations and industry standard frameworks (e.g. NIST, COBIT)
  • Practical experience with execution of formal controls assurance activities
  • Proven ability to work independently as well as to be a key contributor on large and small teams
  • Experience collaborating with risk owners in crafting risk responses and remediation plans to appropriately mitigate risk
  • Experience working on Operational Risk Management workstreams of large transformation initiatives
  • Experience working on Access Toxic Combinations
  • Extensive experience in communicating identified risks and results at all levels, from risk and control owners through executive management
  • Ability to effectively manage relationships at all levels of the organization in order to foster a culture of risk awareness and transparency
  • Ability to mentor and educate stakeholders regarding risk assessment best practices
  • Proactive approach to problem-solving and prioritization complemented by strong decision-making capability
  • Ability to effectively manage and maintain positive forward momentum on multiple concurrent projects
  • Experience with SAS 70 and/or SOC 1 reports/audits
  • Excellent organizational and time management skills
  • Strong proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Outlook)
  • SharePoint, MS Project experience a plus
  • Consulting experience associated with areas such as Audit, Risk, Compliance, Cyber and Information Security a plus
  • Experience working in Middle East and Europe
  • One or more related professional designations (e.g. CISA, CISM, CISSP, CRISC, PMP)
  • Candidate maintains evolving expertise in at least several of the following areas:
    • Information Technology
    • Information Security
    • Systems Development
    • Change / Release Management
    • Cyber Security
    • Logical and Physical Access Security
    • Operational Risk Management
    • Data Leakage and Protection
    • IT Transformation Risk
    • Emerging Risk Assessment

Location: London
This recruitment will be open from: 10th Sept 2018 until 10th October
Salary: Competitive
