IS Risk & Assurance Advisor (Applications Platforms and Data)

GHD


Job Location:

Irvine, CA - USA

Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Description

At GHD we don't just believe in the power of commitment; we live and breathe it every day.

That's why we pledge to support and empower all of our people to make a positive impact when working hand in hand with our business to drive change. We'll help you accelerate your career and empower you with the right technology and training as you bring ideas and projects to life.

Together with your colleagues, clients and partners, you'll make an impact that is felt by all. See where your commitment could take you.

Who are we looking for?

As a senior Second Line of Defense (2LoD) Technology Risk & Control Assurance role within Information Services, the IS Risk & Assurance Advisor provides independent assurance and strategic insight over the control environment supporting application platforms, data and AI services, the software development domain, DNS management, and the online/web ecosystem.

The role leads risk-based assurance and thematic review programs to assess control design and operating effectiveness, identify systemic control weaknesses and govern remediation outcomes. It delivers executive-level reporting on technology risk posture, control effectiveness trends and material issues, supporting informed decision-making by the CIO/CTO, senior leadership and governance committees, in alignment with industry frameworks, regulatory expectations and client requirements.

Responsibilities:

  • Maintains and evolves the control library mapped to internal policies and external frameworks (e.g. ISO/IEC 27001/2, Essential Eight, CMMC, client requirements).
  • Defines platform-specific control objectives for applications, data, AI, online/web, DNS and development, including control owners, test procedures, success criteria and evidence requirements.
  • Partners with Applications, Data & AI, Technology and Web/Digital teams to embed controls by design in business plans.
  • Runs a risk-based assurance program (design/operating effectiveness testing) for target platforms.
  • Executes thematic reviews (e.g. domain/DNS hygiene, AI use-case onboarding, web app release quality, development practices, data access controls) and facilitates remediation plans with owners.
  • Validates control evidence, tracks findings to closure, and escalates material non-conformances and risks.
  • Produces monthly CIO/CTO Platform Assurance Reporting: control effectiveness ratings, heat maps, KRIs, trend analysis and material risks/issues.
  • Supports internal/external audits and client assessments with defensible evidence.
  • Delivers actionable insights highlighting control gaps and recommended fixes.
  • Coordinates AI use-case risk assessments, data protection measures, logging/traceability and model/service controls.
  • Provides oversight of the web environment: secure configuration, code development and promotion protections, lifecycle, CSP/HSTS usage, defect-leakage metrics and domain portfolio governance (renewals, registrar lock, DNS change control, DNSSEC where relevant, data privacy and name server posture).
  • Identifies changing regulatory and compliance alignment, managing change and impacts to the controls environment.
  • Provides insightful dashboards and reports to senior leadership and governance committees.
  • Champions continuous improvement in the domain team and mentors team members.

Skills and Competencies:

  • Maintains and evolves the technology risk and control library mapped to internal policies and external frameworks (e.g. ISO/IEC 27001/2, Essential Eight, CMMC and client requirements).
  • Defines and governs platform-specific control objectives across applications, data, AI, online/web, DNS and development domains, including control intent, ownership, assurance approach, success criteria and evidence expectations.
  • Provides independent oversight, challenge and advisory input to Applications, Data & AI, Technology and Web/Digital teams to support the embedding of controls by design within business plans and delivery approaches.
  • Designs and executes a risk-based technology assurance program, including control design and operating effectiveness assessments for in-scope platforms and services.
  • Leads thematic and deep-dive reviews (e.g. domain/DNS hygiene, AI use-case onboarding, web application release quality, development practices and data access controls) and governs remediation planning and outcomes with accountable control owners.
  • Validates control evidence, manages findings, tracks remediation progress to closure and escalates material control weaknesses, non-conformances and risks in accordance with governance thresholds.
  • Produces regular CIO/CTO Platform Assurance reporting, including control effectiveness ratings, risk heat maps, key risk indicators (KRIs), trend analysis and material risks and issues.
  • Supports internal and external audits and client assessments, providing defensible assurance artefacts, evidence and subject-matter expertise.
  • Delivers clear, actionable insights highlighting control gaps, emerging risk themes and prioritised improvement recommendations.
  • Provides second-line oversight of AI risk management, including governance of AI use-case risk assessments, data protection controls, logging and traceability, and model/service control expectations.
  • Provides second-line oversight of the online and web environment, including secure configuration standards, development and release practices, lifecycle controls, defect leakage metrics and domain portfolio governance (registrar lock, DNS change control, DNSSEC where applicable, data privacy and name server posture).
  • Monitors and assesses regulatory, compliance and client requirement changes and manages their impact on the technology control and assurance environment.
  • Provides insightful dashboards and reporting to senior leadership and governance committees to support informed, risk-based decision-making.
  • Champions continuous improvement in technology risk and assurance practices and mentors team members within the IS Risk & Compliance function.

Qualifications:

  • Bachelor's degree in Information Security, IT or a related field
  • Knowledge of ISO/IEC 27001, NIST SP 800-171, CMMC L2, IRAP/ISM/PSPF/DSPF, ASD E8 ML3
  • 5 to 10 years in IT and controls-related roles
  • Strong coordination, design, testing and risk-related skills
  • Excellent communication, documentation and stakeholder engagement abilities

Benefits:

  • 401K - Employees are eligible to participate on the first day of the month following 3 months of service.
  • Paid time off - Our PTO benefit is designed to provide eligible employees with a period of rest and relaxation, sick and personal time throughout the year. PTO starts at 16 days per year and increases with years of service.
  • Holiday Pay - Holiday pay is provided for eligible employees. GHD observes 9 holidays per year. Holiday pay will be based on the regular set schedule for the employee.
  • Wellness Benefit - Regular full-time employees are eligible to participate in the wellness reimbursement program. GHD will reimburse 50% of the cost, to a maximum of $250.00 reimbursement annually, for such items as: health club membership fees, home exercise equipment purchases, bicycles, race, run and marathon entrance fees, smoking cessation programs, weight loss programs (Watchers, Jenny Craig), Fitbits and fitness tracking devices.

Salary range: $ - $146,625.00 based on experience and location

Take on some of the world's toughest challenges - with everyone at GHD backing you every step of the way.

We'll give you control over your career, empower you to find innovative solutions and help you create a lasting impact.

See where your commitment could take you with GHD.

As a multicultural organization, we encourage individual achievement and recognize the strength of a diverse workforce. GHD is an equal opportunity employer. We provide equal employment opportunities to all qualified employees and applicants without regard to race, creed, religion, national origin, citizenship, color, sex, sexual orientation, gender identity, age, disability, marital status or veteran status.

Required Experience:

Unclear Seniority


About Company


GHD is one of the world's leading professional services companies operating in the global markets of water, energy and resources, environment, property and buildings, and transportation. We provide engineering, architecture, environmental, advisory, digital and construction services t ...
