Overview
Skills
Job Details
A banking services company in New York City is seeking a new Risk & Controls Manager to join its Information Security GRC (Governance, Risk & Compliance) team. In this role, the Risk & Controls Manager will be responsible for assessing and managing IT and cybersecurity risks, ensuring the effectiveness of internal controls, and supporting regulatory compliance efforts.
***This position can be Remote or Hybrid in NYC. If remote, candidates must work EST hours***
Responsibilities:
Evaluate internal IT and Information Security controls to ensure alignment with internal policies, regulations, and industry standards
Manage and maintain the Information Security Controls Catalog
Oversee GRC platform functionalities such as policies, control libraries, risk assessments, and issue tracking
Report on cyber risk and control posture to the CISO and other senior stakeholders
Develop, document, and validate control procedures to strengthen the control environment
Support remediation efforts and the implementation of corrective actions for control gaps
Track and monitor results of risk assessments and control testing using dashboards and reporting tools
Mentor and manage junior team members, fostering knowledge-sharing and team development
Drive improvements in daily operational processes for greater efficiency and effectiveness
Qualifications:
5+ years of experience in Information Security, IT Risk Management, Controls Assurance, or related domains
Bachelor's or Master's Degree in Computer Science, Engineering, Information Systems, or a related discipline
Solid understanding of cybersecurity principles, risk management, and control frameworks
Hands-on experience with GRC platforms (e.g., Archer, ServiceNow, MetricStream)
Strong written and verbal communication skills
Desired Skills:
Experience in the Financial Services industry or other highly Regulated environments
Professional certifications such as CISA, CISM, CRISC, or similar
Working knowledge of industry-standard frameworks, such as: NIST CSF; NIST 800-53; ISO 27001; COBIT, CIS Controls; CSA CCM; etc.
Experience in the Financial Services industry or other highly Regulated environments
Exposure to the Cyber Risk Institute (CRI) profile or similar Regulatory-aligned Cybersecurity frameworks
Familiarity with Emerging Technology Controls, including AI governance and NYDFS Cybersecurity requirements