Governance Risk/Compl Spec II Job

Governance Risk/Compl Spec II (Job Number: 1306907)

Description

Incumbent will have responsibilities covering either Governance Compliance or Risk and is expected to perform the following duties in either discipline: Understand and assist in achieving unit service objectives and key performance indicators (KPIs). Promote and support a culture of compliance, risk avoidance/mitigation and corporate accountability throughout the organization. Identify opportunities to build GRC programs into the daily operations of Information Technology. Assist in the development of tools, training, policies, and procedures to support the programs. Provide analytical support to the management team regarding GRC metrics, reporting and special projects. Work with counterparts across all business lines to ensure policy/procedure and control standardization. May work with service providers to ensure proper controls are in place.

Governance Compliance specific responsibilities: Work with auditors and technical subject matter experts to satisfy internal and external audit requirements and SOX compliance. Identify and implement opportunities for automation or efficiencies to improve governance/audit controls within TSG. Analyze existing controls to determine which are obsolete or out-of-date. Serve as a subject matter expert for governance and compliance frameworks and regulations within TSG.

Risk specific responsibilities: Work with technical subject matter experts to identify, mitigate and manage risk. Review workflows, hand-offs, process steps and existing policies and procedures; analyze areas for improvement and provide recommendations. Ensure compliance with media management process and procedures and manage the physical aspects (transportation, destruction, etc.) of the process. Identify and monitor non-compliance and escalate when appropriate.

Underlying responsibilities will also be related to the implementation, ongoing upgrade and support of Risk and Control Governance (RCG) Framework Technology services for the generation of risk related data aggregation and reporting. These will include but not be limited to: 1) overseeing the access control of the technologies as well as the annual decentralized access review and attestation; 2) assisting internal clients in creating meaningful and concise Business Requirements Documents for new or existing processes; 3) adhering to the Software Development Life-Cycle for governance, management and review of process change requests and enhancements; 4) defining support processes, tools, and ongoing service level measurement metrics and reporting; and 5) ensuring timely resolution of software and platform related issues.

Qualifications

Minimum education - Bachelor's degree in Computer Science or equivalent. CISA, CISM, CRISC, PMP certification(s), a plus. Minimum experience - Minimum of 7 to 10 years and prior IT audit/risk experience preferred. Intermediate knowledge of RSA Archer or other similar platforms preferred. S/he must have strong oral and written communication skills and be comfortable with communicating with stakeholders from various business units. Understanding of information risks, application development, and technology infrastructure is preferred.

Primary Location: United States-USA-PA-Pittsburgh
Internal Jobcode: 17740
Job: Audit/Compliance/Risk
Organization: Information Risk Management-HR06032

May 10, 2013 • Posted in: Financial
