Overview
On Site
USD 80.00 - 89.00 per hour
Contract - W2
Skills
Financial Services
Optimization
Reporting
Continuous Improvement
SAP GRC
Collaboration
Training
Risk Management
Documentation
Auditing
Corrective And Preventive Action
IT Risk Management
IT Audit
Information Security
Mapping
Cyber Security
COBIT
IT Risk
Cloud Computing
Network Security
Software Security
Data Security
Identity Management
Analytical Skill
Business Process
Conflict Resolution
Problem Solving
Communication
Articulate
Leadership
Supervision
Management
CISSP
CISM
CISA
ISACA
Amazon Web Services
Microsoft Azure
Finance
Banking
Regulatory Compliance
MEAN Stack
Customer Service
Training And Development
SAP BASIS
Job Details
Software Guidance & Assistance, Inc., (SGA), is searching for a Lead IT Controls & Risk Framework Specialist for a CONTRACT assignment with one of our premier Financial Services clients in lower Manhattan, NYC. He or she will need to work in the office 1-2 days/week.
Role Overview: This role is critical in strengthening our control environment by expertly mapping technology controls using the Common Control Framework and providing senior-level guidance on control adoption. The ideal candidate will possess deep technical knowledge of various technology domains, a comprehensive understanding of risk methodologies, and a proven track record of successfully implementing and maturing control frameworks.
Responsibilities:
- Control Mapping & Harmonization:
  - Lead the comprehensive mapping of existing and new technology controls using the Common Control Framework (through UCF), ensuring alignment with relevant industry standards, regulations and internal policies.
  - Identify gaps and redundancies in current control implementations and propose solutions for optimization and harmonization across various technology platforms and business units.
  - Develop and maintain detailed documentation of control mappings, including rationale, evidence requirements, and ownership.
  - Develop, implement and oversee successful control adoption by Process Owners by developing training and informational materials.
- IT Risk Management:
  - Provide expert guidance on risk mitigation strategies, control enhancements, and residual risk acceptance, as required.
  - Collaborate with technology teams, business stakeholders, and leadership to prioritize and address effective challenge feedback from other First Line stakeholders and Second Line.
  - Assist in the development and implementation of risk reporting mechanisms to provide actionable insights to management.
- Framework Development & Maturity:
  - Contribute to the ongoing development, refinement, and maturity of the organization's technology control library.
  - Advise on best practices for control implementation, monitoring, and continuous improvement.
  - Support the integration of the technology control library into the broader GRC (Governance, Risk, and Compliance) ecosystem.
- Stakeholder Collaboration & Guidance:
  - Serve as a subject matter expert and provide senior-level guidance to technical teams, project managers, and business stakeholders on control requirements and risk considerations.
  - Facilitate workshops and training sessions to foster a strong understanding of control objectives and risk management principles.
  - Communicate complex risk and control concepts clearly and concisely to both technical and non-technical audiences.
- Audit & Assurance Support:
  - Support internal and external audit activities by providing evidence, explanations, and documentation related to control implementations and risk posture.
  - Assist in responding to audit findings and developing corrective action plans.
- Experience:
  - Minimum of 10+ years of progressive experience in IT risk management, IT audit, information security, or IT compliance roles.
  - Demonstrable senior-level experience in mapping technology controls to common control frameworks (CCF) or similar consolidated control libraries.
  - Extensive experience with various cybersecurity frameworks and regulations (e.g., NIST, CoBiT, NYDFS, OSFI).
  - Proven experience conducting comprehensive IT risk assessments.
- Technical Acumen:
  - Strong understanding of diverse technology domains, including cloud computing, network security, application security, data protection, identity and access management, and infrastructure security.
  - Familiarity with various security technologies and their control capabilities.
- Analytical & Problem-Solving Skills:
  - Exceptional analytical skills with the ability to dissect complex technical and business processes to identify control points and risk exposures.
  - A strong, logical, and structured approach to problem-solving.
- Communication & Interpersonal Skills:
  - Excellent written and verbal communication skills, with the ability to articulate complex technical and risk concepts to diverse audiences, including senior leadership.
  - Strong interpersonal skills and the ability to build rapport and influence stakeholders at all levels.
- Independence & Proactiveness:
  - Ability to work independently with minimal supervision, manage multiple priorities, and deliver high-quality results in a fast-paced environment.
  - Proactive in identifying potential issues and proposing solutions.
- Relevant industry certifications such as CISSP, CISM, CISA, CRISC, AWS/Azure Security Certifications.
- Experience within financial institutions, banking or other relevant industry under similar regulatory scrutiny.
- Unified Compliance Framework (UCF)
SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.