Role:
At a senior level of proficiency, this position will provide compliance and risk management support to all l evels of management. Identify and implement process and control changes, along with adoption of industry best practice risk mitigation techniques. Exhibit strong technical and team leadership skills in working with IT and business partners to (1) develop, implement and maintain the IT general and application computer controls in alignment with the COBIT framework for the governance and management of IT; (2) develop and implement IT risk framework, methodologies, controls, and processes for identifying, evaluating, monitoring and reporting IT risks; (3) collaborate with internal/external auditors and examiners on the state of IT controls; and (4) oversee the review and assessment of vendor control environments and formulate a vendor risk rating. Responsibilities: Work with internal auditors, external auditors, and Federal Housing Finance Agency examiners to identify, document, and communicate evidence of our control environment. Ensure that deviations from established policies or controls are thoroughly reviewed, documented, and appropriately reported. Identify gaps and assist in the design and implementation of remediating controls. Analyze, design, develop, document, implement, and support IT internal controls to ensure reliability and transparency of general IT and application controls, effectiveness and efficiency of operations, and compliance with applicable rules, regulations, guidelines, policies, and procedures. Analyze and document vendors control environment and independent assessments to assess the effectiveness or control gaps to formulate risk rating. Oversee the development, ongoing management, and monitoring of the COBIT Process and Practice library ensuring that the documents are reviewed, and updated on regular frequency in alignment with the COBIT framework for the governance and management of IT. Monitor control activities and report on the effectiveness of the control or opportunities to enhance the process. Participate in the development, analysis, and review of IT reporting to communicate department performance against key indicators, performance on prioritized initiatives, and results of incident investigations. Collaborate and support team members with other strategic project initiatives. Expectations: Advanced knowledge of IT controls and experience communicating with internal auditors, external auditors, and Federal Housing Finance Agency examination staff on the state of IT controls. Attention to detail and accuracy are critical for this position. Independently gather documentation of IT key processes and explain these to auditors or examiners. Work with auditors or examiners to verify findings, define corrective actions for findings, assist with implementation as needed, and track resolutions. Independently or with minimal supervision, work closely with developers, systems, security and users to research complex controls across multiple platforms, software packages and programming languages. Advanced knowledge of COBIT framework and ability to develop and implement best practices to processes. Demonstrate an advanced level of understanding and ability to document key enterprise risks and controls, including the ability to discern strengths and weaknesses. Maintain awareness of changes in the areas of IT governance and controls, risk management, SOX compliance and records management. Knowledge of records management concepts and best practices and apply relevant practices. Willingness to adapt to changing business and technical environments. Provide regular reporting on projects and tasks to assist management. Balance multiple tasks, priorities, and deadlines. Protect business records created or used in business processes to ensure availability, confidentiality, integrity; and the retention and destruction of such as specified by relevant policies. Ability to handle multiple tasks simultaneously, ability to problem solve, memory for details, ability to prioritize, and ability to maintain concentrated mental and visual attention for sustained periods. Knowledge and Skills:
Experience: Senior level of competency with five to eight years of similar or related professional experience.
Education: Bachelor's degree or equivalent work experience. A professional certificate or a graduate degree is preferred.
Interpersonal Skills: A significant level of trust and diplomacy is required, in addition to normal courtesy and tact. Work involves extensive personal contact with others and/or can be of a personal or sensitive nature. Work will involve motivating or influencing others. Outside contacts become important and fostering sound relationships with other entities (companies and/or individuals) becomes necessary and often requires the ability to influence and/or sell ideas or services to others. Other Skills: Three to five years of general audit/risk identification/control skills and the ability to work effectively to achieve deadlines. Good communication skills, both oral and written, and the ability to work effectively under stress and deadlines. Ability to independently identify IT control issues, define options and recommend solutions. Assist in implementation as needed. Strong knowledge of IT internal controls required. Strong knowledge of COBIT framework. Ability to collaborate with business partners, bank management and auditors or examiners to achieve departmental and corporate goals. Ability to set priorities, consistently meet deadlines and simultaneously manage multiple projects. Inquiring mindset with the ability to think logically. Strong knowledge of experience using Microsoft products. Ability to protect and classify business records created or used in business processes to ensure availability, confidentiality, integrity; and the retention and destruction of such as specified by relevant policies. Ability to work independently, knowledge of office automation software and use general office equipment. Experience with Agile development methods. Strong experience with network and application security concepts, database administration, and user access security standards #LI-JM4