Overview:
We are seeking a highly skilled and detail-oriented Risk Controls Self-Assessment (RCSA) Control Owner to support Insider Threat management within a highly regulated financial institution. This position will play a critical role in hosting and facilitating assessments of insider threat controls, monitoring and reporting control effectiveness, and providing actionable insights to drive improvement across the enterprise. The ideal candidate will have a strong understanding of insider risk and a proven ability to manage control-related activities in a fast-paced, compliance-driven environment.
Key Responsibilities:
1. Control Assessments and Facilitation:
- Host and support business units in performing Risk Control Self-Assessments (RCSA) for insider threat controls.
- Ensure alignment with regulatory requirements and organizational policies throughout the assessment process.
- Provide guidance and expertise to business unit stakeholders to identify, document, and assess control effectiveness.
2. Monitoring and Reporting:
- Continuously monitor the effectiveness of insider threat controls across the organization.
- Develop and maintain metrics and reporting mechanisms to evaluate control performance.
- Identify and escalate control deficiencies, gaps, or risks, and support business units in developing remediation plans.
3. Scorecard Development and Presentation:
- Design and maintain scorecards to summarize insider threat control performance and effectiveness metrics.
- Present quarterly scorecards to enterprise control managers, highlighting key findings, trends, and recommendations for improvement.
4. Collaboration and Communication:
- Partner with Insider Risk, Compliance, and Audit teams to ensure proper governance and oversight of insider threat controls.
- Act as a liaison between business units and enterprise control managers, ensuring clear communication of risks, expectations, and outcomes.
5. Continuous Improvement:
- Contribute to the development and enhancement of RCSA processes, tools, and frameworks to ensure efficiency and accuracy.
- Stay informed about emerging risks, regulatory changes, and best practices in insider threat management.
Qualifications:
Education: Bachelor's degree in Risk Management, Business Administration, Cybersecurity, or a related field.
Experience:
- 5+ years of experience in risk management, internal controls, audit, or insider threat programs in a highly regulated environment.
- Strong understanding of RCSA processes and enterprise risk management frameworks (e.g., COSO, NIST).
- Familiarity with insider threat risks, behaviors, and mitigation strategies in financial institutions.
Skills:
- Exceptional analytical and problem-solving skills.
- Strong written and verbal communication skills with the ability to present complex information to senior stakeholders.
- Proficiency in developing metrics, scorecards, and dashboards (e.g., Excel, Power BI, Tableau).
- Ability to manage multiple priorities and deadlines in a dynamic environment.
Preferred Qualifications:
- Experience with insider threat detection and monitoring tools.
- Knowledge of regulatory requirements (e.g., FFIEC, SOX, GLBA) and their application to insider risk.
- Professional certifications such as CISA, CRISC, CISSP, or similar are highly desirable.
Key Competencies:
- Results-driven with a focus on continuous improvement.
- Collaborative and able to build strong partnerships across teams.
- Detail-oriented with strong organizational skills and attention to accuracy.