IT and Operational Risk Management Associate (Local Candidates/Hybrid)

Depends on Experience

Full Time

  • Work from home


Operational risk management, IT Risk, GRC, Regulatory, CISA, CISSP, CISCCSA

Job Description

  • They have some ORM (Operational risk management) going on so someone should have that experience.
  • GRC implementation is going on so if someone has that experience would be
  • Good understanding from a risk and control standpoint.
  • Experience in system implementation.
  • Technical skills: understanding of risk framework, NIST, COBIT, CSF,
  • This is not a generalist role.
  • Exposure to FHFA would be great.
  • They are an Oracle Java shop and are in the process of moving to the cloud.
  • Hands-on experience in risk and cloud operations would be a plus.


Critical Competencies:

  • Knowledge and working experience with ORM and ITRM Frameworks based on industry best practices and the three lines of defense model;
  • A minimum of 7 years of experience in performing IT/IS/ORM risk assessments and control testing leveraging IT/IS Frameworks and Standards (e.g., FFIEC, NIST CSF, ISO, COBIT, ITIL);
  • Knowledge of IT Risks associated with the System Development Lifecycle, Development Operations, Agile Development Processes, Infrastructure, Security Operations/Engineering, BCM/CM etc.
  • A team player who can comfortably work in a dynamic and fast-paced environment and respond to changing circumstances;
  • Ability to interact with senior management while balancing multiple projects and other responsibilities;
  • Experience with leveraging GRC platforms;
  • Regulatory experience with the Federal Housing Finance Agency is a plus;
  • Strong attention to detail with a proactive approach to solving and preventing problems;
  • Excellent organization, project management, and prioritization skills;
  • Excellent interpersonal skills to work in a team environment and to influence and interface with a broad range of stakeholders at all levels, internal and external;
  • Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), or other risk management discipline certification;
  • Ability to take ownership of projects and deliver high-quality results.