Manage the full lifecycle of technology controls, including identification, assessment, mapping, monitoring, testing, and reporting, in alignment with the Technology Risk Taxonomy.
Apply and promote risk management policies and governance frameworks.
Collaborate with business partners to identify and document key controls, ensuring compliance with internal standards and requirements.
Partner with First, Second, and Third Lines of Defense (FLOD, SLOD, TLOD) to streamline control testing and reduce duplication of efforts.
Support the mapping of technology issues to the Technology Risk framework and work closely with Issue Management teams.
Liaise with stakeholders and external auditors to ensure accurate and up-to-date control documentation, testing, and remediation.
Contribute to the development and improvement of tools and processes for technology risk management efficiency.
Assist with annual Technology Risk Assessments to ensure controls are current, effective, and properly documented.
Analyze test data, review testing results with business units, and address gaps by coordinating with Issue Management.
Ensure controls are written and maintained according to the Enterprise Risk Management Policy, including regular control attestation.
Communicate complex processes and regulatory requirements effectively to various stakeholders.
Adhere to testing schedules and ensure all required reporting and tasks are completed within set deadlines.
Utilize knowledge of risk management frameworks (SOX, COBIT, NIST, CSA, ITIL, PCI, GDPR, etc.) to recommend control improvements.
Engage and communicate with all organizational levels, including senior leadership, to drive risk management initiatives.
Operate efficiently in a fast-paced environment, managing multiple projects with a high degree of ownership and urgency.
Design and implement repeatable, sustainable processes to operationalize risk management.
Maintain strong documentation, organizational, and presentation skills with attention to detail.
Preferred background: 2-3 years’ experience in IT/Technology/Internal Audit/Compliance (ideally in financial services, e-commerce, or Big 4), and a Bachelor’s degree in Information Management Systems.