Risk & Control Business Analyst- NY (closed)
IT Business Risk & Control
The role sits within the Business Risk and Control team in this Investment Banks Technology Services Global Banking and Markets in NY, which is primarily an internal control function with responsibility for: IT Operational Risk (Education & Awareness), Risk Controls Assessment, New Product Due Diligence, Dispensation/Risk Acceptance Process. This group is part of the overall Global Business Risk and Control organization that is run centrally from London and is responsible for providing a first line of defense as part of the broader operational risk management framework.
- Participate in the undertaking of Internal Control/Themed reviews at request of Global Chief Risk and Control Officer, Management etc.
- Assist in the Americas IT SOX program and provide guidance to IT staff on suitable controls to remediate findings.
- Participate in the undertaking of Risk Control Assessments (RCA) across all asset classes, documenting results and communicating findings to Business Management. Monitor the implementation and remediation of control deficiencies identified from RCA.
- Facilitate the Dispensation and Risk Acceptance process
- Track operational losses and conduct root cause analysis on high impact events. Provide recommendations to improve or remediate the applicable processes and/or controls.
- Maintain the banks Internal Control standards, including the timely implementation of internal and external audit points together with any issues raised by external regulators. Be aware of the Operational Risk scenarios associated with the role and act in a manner that takes account of operational risk considerations.
- Preparation and presentation of committee, working group and training materials.
- Other duties as assigned by management.
It is essential to have a good understanding of the following: Operational Risk and Internal Control, Information Security, Access Management, Software Development Lifecycle, Incident / Problem Management, Change/ Release Configuration Management, Project Management, Risk Assessment Process.
Operational risk, audit, accounting or other control-related qualifications (e.g. CISA, CIA, CISSP, CRISC) Experienced external/internal IT auditor, IT SOX Tester, IT Operational Risk, Information Security or IT Management Consulting/IT Project Management. Knowledge and experience of controls over the development, administration, security of technology (UNIX, Windows, i-Series, Sybase, Oracle, MSSQL, Middleware (MQ, Websphere) etc ) within an Information Technology function. Banking or Financial Services experience and the ability to build and manage effective relationships at all levels and obtain buy-in from time constrained stakeholders. Strong background in operations and/or operational risk within a financial services or IT function.