Vice President Impact Assessments

Contribute to leading-edge security and resilience efforts advancing protective strategies and propelling continuous improvement.

As an Assessments & Exercises Vice President in Cybersecurity Technology & Controls you will contribute significantly to enhancing the firms cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people processes and technology. Design and deploy risk-driven tests and simulations (or manage a highly-skilled team that does) and inform analysis to clearly outline this role you will evaluate preventative controls incident response processes and detection capabilities and advise cross-functional teams on security strategy and risk management.

Job responsibilities

• Evaluate controls for effectiveness and impact on operational risk as well as opportunities to automate control evaluation
• Collaborate closely with cross-functional teams to develop comprehensive assessment reports including detailed findings risk assessments and remediation recommendations making data-driven decisions that encourage continuous improvement
• Assess the impact of identified technology control observations on internal controls over financial reporting ensuring timely escalation.
• Continuously monitor technology risks to ensure adherence to firm standards regulatory requirements and industry-leading practices.
• Develop and execute risk mitigation strategies ensuring technology control observations are addressed through the design and implementation of effective processes and controls.
• Partner with internal control functions internal audit and external audit teams to support technology controls testing as well as quarterly and annual SOX and SOC reporting programs.
• Contribute to initiatives that strengthen the management of technology risks within business processes and SOX/SOC programs by conducting ongoing process and control assessments ensuring governance adherence and alignment with firm standards and policies.
• Leverage artificial intelligence and monitoring tools to proactively identify analyze and mitigate risks by interpreting process data insights and metrics for control effectiveness.
• Lead and execute assigned technology risk assessment activities including annual quarterly and ongoing reviews walkthroughs and oversight of control operating effectiveness.
• Develop materials and communicate impact assessment findings recommendations and status updates to senior leadership business process owners and relevant stakeholders.
• Collaborate with cross-functional teams across business and technology to design implement and evaluate effective technology controls ensuring their positive impact on business processes.
  

Required qualifications capabilities and skills

• Obtain 5 years of experience in technology risk management information security or a related field with hands-on expertise in controls testing observation assessment and remediation.
• Excellent communication collaboration and report writing skills with the ability to influence and engage stakeholders across various functions and levels
• Demonstrated ability to evaluate technology risks and control observations with a solid understanding of industry standards and leading practices.
• Strong analytical and problem-solving skills with a track record of resolving risk issues and supporting remediation strategies.
• Familiarity with risk management frameworks regulatory requirements and compliance standards such as SOX SOC 1 SOC 2 COSO NIST COBIT and SEC guidance for internal controls over financial reporting.
• Proven ability to leverage IT expertise to support compliance initiatives and enhance control environments.

Preferred qualifications capabilities and skills

• Hold relevant industry certifications such as Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) or other recognized credentials in risk management or information security.
• Knowledge/experience in modern programming language
• Experience with cloud platforms including Azure AWS or Google Cloud.
• Excellent communication and presentation skills with the ability to influence stakeholders at all levels and effectively convey risk-related findings to both technical and non-technical audiences.
• Strong interpersonal skills and a collaborative approach to working with cross-functional and geographically dispersed teams.
• Commitment to ongoing professional development and staying current with industry trends.