Veritude is hiring for a Principal Technology Risk Analyst at Investments. This position will be based in Merrimack, NH or Smithfield, RI.
The position will support the IT risk and controls program for Global Services (GS) Risk. This will include the documentation and testing of IT controls that support Personal Investing (PI), Workplace Solutions (WS), and GS Risk. Efforts will support ongoing controls assurance for the SOC 1 reports, ISO 27001 certification, regulatory exams, and other requirements. This contractor will be a member of the Technology Risk Management (TRM) team under GS Risk, which is part of the Global Business Services organization. This individual will report to the Vice President, based in Smithfield, RI. The job may involve occasional travel to Merrimack.
The mission of the TRM team is to enable business performance by mitigating IT risk and providing competitive advantage. Within scope of the TRM team is all IT control oversight, SOC 1 IT oversight, ISO 27001 certification, IT regulatory risk, IT audit oversight, IT risk assessment, and general IT risk management for each of the PI, WS and GS Risk lines of business. The team seeks to execute its mission with superior customer service, market-sensitive efficiency, and personal integrity and accountability for results.
- Perform IT General Control (ITGC) Readiness Assessments, which determine whether the controls are in good order
- Document IT controls in the TRM control inventory
- Conduct IT control testing, to include evaluating the design and operating effectiveness of IT controls and working with management on appropriate remediation plans
- Support other IT risk work as required. This may include SOC 1 audits, Corporate Audits, risk assessments, and special projects. Provide technical assistance on risk related systems issues, and serve as a liaison for technology risk management
Education and Experience:
- Bachelor’s degree preferred
- 4 or more years’ experience with focus in any or all of the following areas:
  - Information security/technology risk management
  - Production operations
  - Risk assessment
- Professional technology risk certification desired but not required (CISSP, CISA, CRISC, CISM)
Skills and Knowledge:
- Must have an audit mindset, i.e., the ability to identify potential control deficiencies and provide constructive recommendations for management remediation
- Must have a working knowledge of IT and/or IT risk policies and procedures
- Must have advanced communication skills: writing and editing documents, structuring written messages in a logical and user-friendly framework, and presenting findings clearly and concisely
- Intermediate proficiency in the following competency areas:
  - IT Risk Audit and Control
  - Work planning
  - Business and IT functional knowledge
  - IT Trends and Emerging Technologies
  - Collaboration & Relationships