The IT Risk and Controls Audit & Regulatory Control Lead is responsible for providing support for all internal and external audit and regulatory activities throughout the GTI Service Operations team. The role is focused on client assurance audits, including SSAE16, and regulatory and industry compliance assessments, including Sarbanes-Oxley 404 and PCI Data Security Standards compliance testing. This role will also provide oversight for the tracking and reporting of the remediation of business- and audit-identified issues, ensuring results adhere to the corporate IT Risk and Control requirements.
The successful candidate will work in a small, dedicated, audit-focused team, in partnership with GTI Technology Control Officers and line of business Risk and Controls functions across different firm-wide lines of business, including Corporate Investment Bank (CIB), Corporate Commercial Bank (CCB), Risk & Finance Technology (RFT) and GTI globally.
- Coordinate the GTI Service Operation activities for audit and regulatory engagements
- Receive and validate engagement requests for information
- Assign requests to appropriate service areas within GTI Service Operations team for fulfillment
- Track and monitor the status of all requests, escalating as appropriate to ensure SLA adherence.
- Provide oversight for the remediation of business- and audit-identified issues.
- Track and monitor the status of all action plans at the key milestone level, ensuring the corporate IT Risk and Control requirements are achieved.
- Document self-identified control gaps within the environments, and the associated remediation plans.
- Communicate with key stakeholders, providing accurate metrics and management reports on a timely basis
- Provide strategic drive for engagement efficiency and effectiveness improvements, including process enhancements and use of automated data collection techniques
- Ensure compliance of activities with audit, information risk policies, and industry compliance requirements.
- Act as an interface with internal and external audit groups.
- Ensure process capability, control and improvement by developing and implementing relevant quality assurance procedures.
- Develop processes and tools that encourage continuous performance improvements.
In addition, you will establish and maintain working relationships and be responsible for the following:
- Relationship building with technology management, business management, program sponsors, vendors and business clients
- Oversee the transition of end user and data center services to the corporate support model and technologies.
- Oversee a common integration model of various infrastructure technology teams into the corporate support model ensuring continued support of current business activities
- Oversee execution and remediation of action plans by the teams, tracking the progress of milestones, validation of control effectiveness, and reporting of the progress.
- Oversee the execution and compliance of cyber related book of works, and infrastructure hygiene efforts.
- Working with businesses, application development and technology areas to develop solutions to address control gaps, and to define workflow management gaps to be remediated as part of the integration activities
- Document current infrastructure technology book of work to identify resource gaps and workload opportunities to leverage corporate resources, and prioritize risk-based distribution of workload
- Working with technology teams, define target state architectural design of the intercorporate technology architecture which complies with corporate, regulatory, and industry requirements
- Working with the TCO organization, lines of business and infrastructure teams to deploy appropriate compensating controls to address security and risk gaps
- Driving corporate IT Risk initiatives, setting direction and implementing initiatives
- Act as a communication channel between technology and the business for ongoing program management status and issues
- Manage the workload of project resources to proactively identify and resolve issues that would present a risk to on-time implementation of the program/project