Member of Compliance & Risk, Testing and Monitoring

You will manage and execute testing lifecycles using multiple methodologies and perform compliance and information security reviews. You will gather data, conduct walkthroughs and detailed testing, prepare fieldwork materials and analytics, and clearly document findings. You will evaluate and quantify risks and controls, communicate results to management and stakeholders, and work with control owners to develop, challenge, and validate remediation plans. You will track issues from identification through remediation, assist with issue management framework implementation and metrics, and use GRC tools to support audits and reporting.

Responsibilities

  • Manage and execute testing lifecycles using multiple methodologies
  • Execute and manage all phases of compliance and information security test reviews including data gathering, walkthroughs, testing, reporting, and issue tracking
  • Prepare fieldwork materials, perform data analysis, and scope reviews with clear documentation
  • Identify and evaluate risks and controls to determine whether compliance obligations are met
  • Manage and track findings from identification through remediation
  • Collaborate with risk and control owners to validate and challenge remediation plans
  • Implement and improve issue management frameworks using metrics and tracking
  • Identify and quantify information security threat scenarios and assess mitigating controls
  • Communicate testing results and complex issues clearly to management and stakeholders
  • Build and maintain effective relationships with stakeholders and external partners

Requirements

  • Knowledge of testing lifecycles and methodologies
  • Experience in IT risk and information security audits
  • Experience in regulatory compliance, risk management, and auditing practices within financial services
  • Strong working knowledge of core banking regulations such as Complaint Management, Disclosures, Financial Crimes Compliance, Privacy and Security
  • Conceptual knowledge of audit/testing lifecycle, information security risk and controls, SOC, and policy governance
  • Experience producing clear, accurate reports summarizing identified issues
  • Experience with GRC management tools (e.g., AuditBoard)
