IT Controls & Risk Framework Analyst

Software Guidance & Assistance, Inc., (SGA), is searching for an IT Controls & Risk Framework Analyst for a CONTRACT assignment with one of our premier Financial Services clients in lower Manhattan, NYC. He or she will need to work in the office 1-2 days/week.

Role Overview: This role is critical in strengthening our control environment by expertly mapping technology controls using Common Control Framework and providing senior-level guidance on control adoption. The ideal candidate will possess technical knowledge of various technology domains, a good understanding of risk methodologies, and some experience implementing and maturing control frameworks.

Responsibilities:

• Control Mapping & Harmonization:
  • Support the comprehensive mapping of existing and new technology controls using the Common Control Framework (through UCF), ensuring alignment with relevant industry standards, regulations and internal policies.
  • Help identify gaps and redundancies in current control implementations and propose solutions for optimization and harmonization across various technology platforms and business units.
  • Develop and maintain detailed documentation of control mappings, including rationale, evidence requirements, and ownership.
• IT Risk Management:
  • Provide guidance on risk mitigation strategies, control enhancements, and residual risk acceptance, as required.
  • Assist in the development and implementation of risk reporting mechanisms to provide actionable insights to management.
• Framework Development & Maturity:
  • Contribute to the ongoing development, refinement, and maturity of the organization's technology control library..
• Stakeholder Collaboration & Guidance:
  • Help the senior lead in facilitating workshops and training sessions to foster a strong understanding of control objectives and risk management principles.
• Audit & Assurance Support:
  • Support internal and external audit activities by providing evidence, explanations, and documentation related to control implementations and risk posture.
  • Assist in responding to audit findings and developing corrective action plans.

Required Skills :

• Experience:
  • Minimum of 3+ years of experience in IT risk management, IT audit, information security, or IT compliance roles.
  • Some experience in mapping technology controls to common control frameworks (CCF) or similar consolidated control libraries.
  • Exposure with various cybersecurity frameworks and regulations (e.g., NIST, CoBiT, NYDFS, OSFI)
• Technical Acumen:
  • Some understanding of diverse technology domains, including cloud computing, network security, application security, data protection, identity and access management, and infrastructure security.
  • Familiarity with various security technologies and their control capabilities.
• Analytical & Problem-Solving Skills:
  • Strong analytical skills with the ability to dissect complex technical and business processes to identify control points and risk exposures.
  • A strong, logical, and structured approach to problem-solving.
• Communication & Interpersonal Skills:
  • Excellent written and verbal communication skills, with the ability to articulate complex technical and risk concepts to diverse audiences, including senior leadership.
  • Strong interpersonal skills and the ability to build rapport and influence stakeholders at all levels.
• Independence & Proactiveness:
  • Ability to work independently with minimal supervision, manage multiple priorities, and deliver high-quality results in a fast-paced environment.
  • Proactive in identifying potential issues and proposing solutions.

Preferred Skills :

• Relevant industry certifications such as CISSP, CISM, CISA, CRISC, AWS/Azure Security Certifications.
• Experience within financial institutions, banking or other relevant industry under similar regulatory scrutiny.

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.