IT Business Associate (Risk Associate)
Location: McLean, VA
Information Technology Risk Advisory is looking for a risk associate to support Risk Advisory, Risk Assessment, and Third Party IT Risk Management. This position requires that the applicant have an understanding of third party risk and associated risk frameworks, operational risks, and the execution of risk management processes and governance within a large institution.
Work Will Fall into Three Primary Categories:
Risk Assessment and Identification
• Executing Third Party IT Risk Management program functions
• Identification, understanding and management of Information and Technology risk associated with the operational processes for the IT division
• Apply sound judgment in evaluating risks and controls; effectively challenge the business on the identification and acceptance of risks and the adequacy of controls.
• Perform risk assessments to reassess current risks and to identify emerging key risks (operational, compliance, technology, third party, etc.); identify and assess control effectiveness and/or gaps.
Risk Advisory and Communication
• Advise the IT “customers” on means and methods to drive remediation of risk related issues and operational events
Risk Reporting, Metrics and Ongoing Due Diligence
• Reporting of IT risk metrics and data
• Providing transparency of risk exposures through implementing sound reporting for risk-based decision making
• Identify, assess and communicate risks as required for periodic third party assessments
• Bachelor’s Degree
• 3-5 Years of Experience
• Experience working with risk management - methods and techniques for the assessment and management of risk.
• Ability to operate as a self-motivated, proactive, and results-driven problem solver with excellent analytical and communication skills
• Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
• Experience in IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, etc.
Keys to Success in this Role:
• Self-starter and self-motivated.
• Ability to work & collaborate effectively in a team environment.
• Sense of urgency and ability to apply a risk-based approach to prioritize work.
• Ability to communicate clearly, effectively, and persuasively with technology and business stakeholders.
• Motivated to learn new technologies and identify process improvements and efficiencies.
• Ability to adapt to change while continuing to deliver on assigned objectives.
• Strong verbal and written communication skills.
CISA, CPA, CIA, PMP, CISSP or other relevant professional certification; Financial Services experience; IT Risk management experience; Knowledge and skills across: COSO, ISACA Risk IT framework, ISACA COBIT 5.0, ISO 31000-series and 27000-series, 13335