N.P.A.
Technology Risk and Controls Analyst - Working with a dynamic financial organisation in the heart of the city, whilst not essential any previous Financial/Banking experience would be highly beneficial. The Technology Department delivers differentiation, scalability and security for the business. Reporting to the COO, Technology provides digital tools, software services and infrastructure globally to all business groups. Software development and support teams work in agile streams' aligned to specific business areas. Our other teams work enterprise-wide to provide critical services including our global service desk, network and system infrastructure, IT operations, security, enterprise architecture and design. Technology Governance is responsible for defining Technology-wide standards, controls and reporting to ensure the Technology business is operating effectively and meeting its financial, strategic, assurance and regulatory obligations. The area covers Technology Strategy & Planning, Risk and Controls, Business Resilience, IT Service Continuity and Enterprise Architecture. Overall Responsibilities Facilitating and improving the Technology Risk Management process. Ensuring Technology controls are appropriate, facilitating reporting on Compliance to relevant internal stakeholders Facilitate and support Internal and External Audits, their execution and the tracking of reporting of remediating actions Supporting the development and embedding of underpinning process and procedure documentation, including assisting service/business/process owners with compliance to new policies and operationalising new working practices and procedures. Monitor and report on the performance of these processes across the organisation, recommending and implementing enhancements, and closing coverage gaps. Work with Operational Risk to manage and track key Technology Risks, provide support as part of Entity-wide risk reviews and control gaps. Facilitate the Technology Supplier Management process, ensuring that internal stakeholders are compliant with the framework and the status of 3rd parties is managed. Skills and Experience Essential Excellent verbal and written communication skills Understanding of SOX 404 IT General Controls Experience of working in a regulated environment and with stakeholders across Operational Risk, Audit and Compliance. Desired Experience working in a regulated environment and knowledge of the risk and compliance requirements associated with this. Practical experience of working with Quality Management Systems, ideally with ISO27001 Foundation certification or above. Risk Management - experience of facilitating the management of risks, ideally with a formal accreditation (eg ISO31000 or Management of Risk). IT Service Management - understanding of the disciplines required to design, develop, transition and operate technology services, ideally with a formal ITIL v4 certification. Practical experience of managing small project deliveries and improvement roadmaps. Experience of authoring process and procedure documentation.
Technology Risk and Controls Analyst - Working with a dynamic financial organisation in the heart of the city, whilst not essential any previous Financial/Banking experience would be highly beneficial. The Technology Department delivers differentiation, scalability and security for the business. Reporting to the COO, Technology provides digital tools, software services and infrastructure globally to all business groups. Software development and support teams work in agile streams' aligned to specific business areas. Our other teams work enterprise-wide to provide critical services including our global service desk, network and system infrastructure, IT operations, security, enterprise architecture and design. Technology Governance is responsible for defining Technology-wide standards, controls and reporting to ensure the Technology business is operating effectively and meeting its financial, strategic, assurance and regulatory obligations. The area covers Technology Strategy & Planning, Risk and Controls, Business Resilience, IT Service Continuity and Enterprise Architecture. Overall Responsibilities Facilitating and improving the Technology Risk Management process. Ensuring Technology controls are appropriate, facilitating reporting on Compliance to relevant internal stakeholders Facilitate and support Internal and External Audits, their execution and the tracking of reporting of remediating actions Supporting the development and embedding of underpinning process and procedure documentation, including assisting service/business/process owners with compliance to new policies and operationalising new working practices and procedures. Monitor and report on the performance of these processes across the organisation, recommending and implementing enhancements, and closing coverage gaps. Work with Operational Risk to manage and track key Technology Risks, provide support as part of Entity-wide risk reviews and control gaps. Facilitate the Technology Supplier Management process, ensuring that internal stakeholders are compliant with the framework and the status of 3rd parties is managed. Skills and Experience Essential Excellent verbal and written communication skills Understanding of SOX 404 IT General Controls Experience of working in a regulated environment and with stakeholders across Operational Risk, Audit and Compliance. Desired Experience working in a regulated environment and knowledge of the risk and compliance requirements associated with this. Practical experience of working with Quality Management Systems, ideally with ISO27001 Foundation certification or above. Risk Management - experience of facilitating the management of risks, ideally with a formal accreditation (eg ISO31000 or Management of Risk). IT Service Management - understanding of the disciplines required to design, develop, transition and operate technology services, ideally with a formal ITIL v4 certification. Practical experience of managing small project deliveries and improvement roadmaps. Experience of authoring process and procedure documentation.
Request Technology - Craig Johnson
Chicago, Illinois
*Position is bonus eligible* Prestigious Financial Company is currently seeking an Information Data Governance and Protection Analyst. Candidate will be responsible for supporting the development and implementation of the information governance, data protection, and privacy program. This includes supporting the development of strategies, policies, procedures, and controls related to the governance and protection of information throughout its life cycle. In addition, the role will work with stakeholders to define the information governance, data protection, and privacy requirements; will facilitate compliance with the identified requirements to control risk; will represent the program to internal and external stakeholders; and will support the development and implementation of training and awareness programs. This role will focus on compliance with applicable regulatory and legal rules and requirements (ie SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information including support of regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Responsibilities: Work with appropriate stakeholders and across the organization to create a culture that manages information as an enterprise asset Implementation of the information governance, data protection, and privacy program including the development of policies, procedures, and job aids Identification, implementation, and use of technologies to support program objectives and classification standards Execution of controls and risk assessments (eg, third-party risk, privacy, data protection) Responsible in performing the privacy impact assessment on data incidents and working with relevant stakeholders like Security Services and Legal to help closing the incident. Creation and execution of strategies to identify information across the organization and throughout its life cycle Preparation of program for regulatory and internal audits/examinations and timely remediation of any findings Use of technology/tools to track projects, manage deliverables and create reporting that support the program and its objectives Support of compliance assessments for information governance, data protection, and privacy including development of controls to measure risk Development and maintenance of the organization's Records and Information Management (RIM) program, ensuring information across all media and formats is properly retained and disposed including remediation of Legacy information Ensure retention, disposition, protection, and classification are addressed in new applications, platforms, and systems Collaborate with internal and external stakeholders to implement information governance, data protection, and privacy policies and requirements Support and develop training and awareness programs for information governance, data protection, and privacy. Identify trends in privacy and regulatory requirements, compliance enforcement, and action the necessary changes in the program. Qualifications: Strong interest in understanding and solving data challenges with experience in information governance, data protection, and privacy policy Knowledge of and work experience with enterprise systems, networks, databases, and other technical domains Strong attention to detail, customer orientation, communication, and presentation skills including the ability to listen and quickly translate business needs into solutions and build effective working relationships Strong experience in building the capabilities for auto data classification, data security and data protection. Experience with classification standard definitions and settings Experience with Privacy requirements and work with personal information and its protection Strong strategic thinking, problem solving, and analytic skills Utilize metrics as means to improve performance Ability to adapt to change in emerging environments and work across multiple areas Experience in developing policies and procedures Experience in project management, project execution, and managing multiple priorities in a timeline driven environment Experience working in a highly regulated environment including an understanding of audit and compliance requirements Office 365 (Word, Excel, PowerPoint) Experience with systems supporting Compliance, Risk, Audit, Privacy, and Management such as ServiceNow, Archer, etc. Project/Program Management Business Intelligence tool experience Bachelor's degree or higher in information management, information systems, law, computer science or BA/BS in another discipline with equivalent experience Experience in the financial services industry Certifications Preferred: Certifications in Information, Data, Privacy Records or Security such as: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Records Manager (CRM), and/or Certified Information Privacy Technologist (CIPT), Certified Information Systems Security Professional (CISSP), Information Governance Professional (IGP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA)
*Position is bonus eligible* Prestigious Financial Company is currently seeking an Information Data Governance and Protection Analyst. Candidate will be responsible for supporting the development and implementation of the information governance, data protection, and privacy program. This includes supporting the development of strategies, policies, procedures, and controls related to the governance and protection of information throughout its life cycle. In addition, the role will work with stakeholders to define the information governance, data protection, and privacy requirements; will facilitate compliance with the identified requirements to control risk; will represent the program to internal and external stakeholders; and will support the development and implementation of training and awareness programs. This role will focus on compliance with applicable regulatory and legal rules and requirements (ie SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information including support of regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Responsibilities: Work with appropriate stakeholders and across the organization to create a culture that manages information as an enterprise asset Implementation of the information governance, data protection, and privacy program including the development of policies, procedures, and job aids Identification, implementation, and use of technologies to support program objectives and classification standards Execution of controls and risk assessments (eg, third-party risk, privacy, data protection) Responsible in performing the privacy impact assessment on data incidents and working with relevant stakeholders like Security Services and Legal to help closing the incident. Creation and execution of strategies to identify information across the organization and throughout its life cycle Preparation of program for regulatory and internal audits/examinations and timely remediation of any findings Use of technology/tools to track projects, manage deliverables and create reporting that support the program and its objectives Support of compliance assessments for information governance, data protection, and privacy including development of controls to measure risk Development and maintenance of the organization's Records and Information Management (RIM) program, ensuring information across all media and formats is properly retained and disposed including remediation of Legacy information Ensure retention, disposition, protection, and classification are addressed in new applications, platforms, and systems Collaborate with internal and external stakeholders to implement information governance, data protection, and privacy policies and requirements Support and develop training and awareness programs for information governance, data protection, and privacy. Identify trends in privacy and regulatory requirements, compliance enforcement, and action the necessary changes in the program. Qualifications: Strong interest in understanding and solving data challenges with experience in information governance, data protection, and privacy policy Knowledge of and work experience with enterprise systems, networks, databases, and other technical domains Strong attention to detail, customer orientation, communication, and presentation skills including the ability to listen and quickly translate business needs into solutions and build effective working relationships Strong experience in building the capabilities for auto data classification, data security and data protection. Experience with classification standard definitions and settings Experience with Privacy requirements and work with personal information and its protection Strong strategic thinking, problem solving, and analytic skills Utilize metrics as means to improve performance Ability to adapt to change in emerging environments and work across multiple areas Experience in developing policies and procedures Experience in project management, project execution, and managing multiple priorities in a timeline driven environment Experience working in a highly regulated environment including an understanding of audit and compliance requirements Office 365 (Word, Excel, PowerPoint) Experience with systems supporting Compliance, Risk, Audit, Privacy, and Management such as ServiceNow, Archer, etc. Project/Program Management Business Intelligence tool experience Bachelor's degree or higher in information management, information systems, law, computer science or BA/BS in another discipline with equivalent experience Experience in the financial services industry Certifications Preferred: Certifications in Information, Data, Privacy Records or Security such as: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Records Manager (CRM), and/or Certified Information Privacy Technologist (CIPT), Certified Information Systems Security Professional (CISSP), Information Governance Professional (IGP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA)