IT Risk and Audit Manager (Financial Services)

Job Req #: 21-12086Job Description: IT Risk and Audit ManagerLocation: Denver, COPosition Type: Permanent/FTE The Global Technology department plays a crucial role in supporting the success of the business. We are responsible for developing and implementing state-of-the-art software and hardware maintenance to support our fund management, trading, distribution and operational areas with secure, stable and resilient technology platforms. Overview of the roleYou are responsible for establishing and maintaining overall IT operational risk management and business continuity functions. You are responsible for identifying, evaluating and reporting on IT operational risks in a manner that meets our regulatory and compliance requirements. You will maintain, manage and govern IT's BCM function for recovery from all types of business disruption risks (natural, technical, geopolitical, accidental, workforce, supplier) across the entire geographic footprint of the enterprise. You will work proactively with the various business units and internal departments and organizations to implement practices that meet defined policies and standards. As a risk manager, you are the "process owner" for all IT-related risk assessments and identification activities for the company's IT systems and information assets and for its IT-dependent strategic business objectives. A crucial element of your role is working with senior leaders, line-of-business managers and other key decision makers to determine acceptable levels of residual risk for the company as a whole and for various internal groups and organizations. You are a proven inspiring leader, problem solver, integrator of people and processes, as well as an effective internal consultant. You need a solid domain of competencies in a number of IT-risk-related disciplines, including security, business continuity management, audit coordination, privacy and compliance. You must be much more than simply a technology and controls expert; you must also possess significant management and communications skills and industry specific business knowledge. Duties and responsibilities You will:Collaborate closely with the Enterprise Risk Business Partners, ensuring compliance and alignment with the related frameworkWork alongside internal and external audit and coordinate audit activitiesLead the coordination IT audit activities for the SOX and Internal Controls Reports (ISAE 3402), acting as the main point of contact for internal partners, external auditors and other parties as requiredGuide the development and implementation of internal policies, procedures, and controls, ensuring that activities are consistent with objectives, operating model and organizational strategySupport the identification and documentation of risks and control weaknesses, and mitigation of those risks and weaknessesFacilitate the error management process, including escalation, root cause analysis, resolution of errorsAssess, supervise, and control the Technology risk portfolioCarry out additional duties as assigned Technical skills and qualificationsTracks and reports risk management trends, opportunities and remediation monthlyWorks closely with Enterprise Operational Risk, Information Security, Compliance, and Privacy organizations to develop and implement effective IT risk management practicesMakes recommendations to the Head of IT Strategy and Planning, appropriate risk governance committees, line-of-business managers concerning IT-risk-related controlsActs as risk management liaison with all levels of the IT organization and with the lines of business and other internal groups and organizationsSupervises the IT-risk-management-related activities of indirect reports and othersA Bachelor's of Science degree is preferred, with a focus on IT- or IT-risk-related disciplines (for example, security, privacy, BCM and compliance), or five to seven years of experience in IT risk management or a related fieldBeneficial certifications include: Certified Information Security Manager, Certified Information Systems Security Professional or equivalentBasic knowledge of a broad range of standards and frameworks for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration and Six SigmaKnowledge of common risk management methodologies such as Development of Control Objectives, Risk Identification and Assessment, etc The base salary range for this position is $110,000-$120,000. This range is estimated for this role. Actual pay may be different.Audrey LambTechnical RecruiterAscent