Operational risk managementIT RiskGRCRegulatoryCISACISSPCISCCSA
- They have some ORM (Operational risk management) going on so someone should have that experience.
- GRC implementation is going on so if someone has that experience would be
- Good understanding in risk and control standpoint.
- Experience in system implementation.
- Technical skills: understanding of risk framework, NIST, COBIT, CSF,
- This is not a generalist role.
- Exposure to FHFA would be great.
- They are Oracle Java shop and they are in process of moving to cloud.
- Experience in hands on risk and cloud operation would be plus
- Knowledge and working experience with ORM and ITRM Frameworks based on industry best practices and the three lines of defense model;
- A minimum of 7 years of experience in performing IT/IS/ORM risk assessments and control testing leveraging IT/IS Frameworks and Standards (e.g., FFIEC, NIST CSF, ISO, COBIT, ITIL);
- Knowledge of IT Risks associated with the System Development Lifecycle, Development Operations, Agile Development Processes, Infrastructure, Security Operations/Engineering, BCM/CM etc.
- A team player who can comfortably work in a dynamic and fast-paced environment, and ability to respond to changing circumstances;
- Ability to interact with senior management while balancing multiple projects and other responsibilities;
- Experience with leveraging GRC platforms;
- Regulatory experience with the Federal Housing Finance Agency is a plus;
- Strong attention to detail with a proactive approach to solving and preventing problems;
- Excellent organization, project management, and prioritization skills;
- Excellent interpersonal skills to work in a team environment and to influence and interface with a broad range of stakeholders at all levels, internal and external;
- Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), or other risk management discipline certification;
- Ability to take ownership of projects and deliver high-quality results.