GCS Risk/Compliance Coordinator - Senior

Federal Reserve Information Technology

NOTE: This position will be located in either Dallas, TX, East Rutherford, NJ, or Richmond, VA.

Candidates should review the FRB Employee Code of Conduct to ensure compliance with issues related to previous employment and prohibited financial interests. The Code is available on the About Us, Careers webpage at http://www.richmondfed.org/.

Job Summary:

Provides coordination, consultation and leadership for compliance/controls related activities and programs (SOX/COSO control testing, ERM assessments, FISMA compliance reviews, SAFR assessments, etc.) and is responsible for ensuring that all associated requirements are met. Provides organization and coordination of audit engagements for numerous internal and external audits, ensures that management responses are completed on time, and that all findings are tracked and remediated on schedule. Provides foundation for management team in supporting the effective and efficient management of risks across the organization.

Principal Duties and Responsibilities:

Oversees/coordinates regular SOX/COSO compliance testing and reporting of results. Leads in the development of new SOX/COSO control activities and tests; identifies opportunities for improving/strengthening existing COSO control activities and tests. Leads remediation efforts for failed tests, as necessary. Develops and oversees dissemination of staff awareness training.

Provides coordination and consultation support for additional compliance/control related activities including FISMA compliance reviews, Board of Governors (BoG) reviews, etc. Leads remediation efforts for failed tests, as necessary. Develops and oversees dissemination of staff awareness training.

Oversees and coordinates all activities required for adherence to SAFR policies and processes and governing standards. Interfaces with Information Security Operations and responds to the Security Assessment Reports (SAR).
Maintains System Security Plan (SSP). Develops and oversees dissemination of staff awareness training.

Provides leadership and serves as central point of contact for audit activity (internal audits, Board of Governors reviews, external audits, etc.). Coordinates the collection of information from technical support staff and management during engagements and facilitates communication and efficient delivery of required information to auditors. Develops management responses and facilitates the selection of effective remediation solutions; tracks issues to closure. Represents department audit status as necessary in division meetings, audit kick-off and close-out meetings and other high-profile events.

Interfaces with Enterprise Risk Management (ERM) to ensure fulfillment of ERM requirements. Works with management to identify and analyze risk profile, identify high-value options to improve risk management results and develop the tactical plans necessary to implement selected solutions. Tracks and provides reports to management on progress of implementing the selected solutions.

Maintains inputs to tools/databases used to archive and track compliance control data and test results. Coordinates the retrieval and reporting using the data within the tools. Develops and distributes management reports using the data from the tools. Coordinates users and access to control/compliance data.

Initiates and maintains communication and information flow with various control functions within National IT (e.g., Information Security Operations, Enterprise Risk Management (ERM), Accounting, Controls & Compliance (AC&C), etc.). Communicates directly and regularly with all levels of staff and management to report on status of compliance issues, audit findings, and risk management/assessment activity. Makes formal presentations and provides written status reports for senior level management.
Facilitates decision-making and escalates issues related to controls, policies, procedures, and the technical implementation of controls to appropriate management level as required.

Participates in special projects and performs other duties as assigned.

Position Requirements:

Education & Experience:

Bachelor's degree in Information Technology or related field and 4 to 7 years of experience conducting internal information technology system audits and risk assessments, developing and implementing an audit and control framework, identifying various risks to the organization and making recommendations for corrective actions and mitigation of risks. Or, an equivalent combination of education and job related work experience is required. Professional audit certification is required, i.e. CISA or CISM.

Knowledge & Skills:

Technical Knowledge and Skills:

Expertise in IT audit requirements with a particularly strong emphasis on IT controls and IT audit procedures including SOX/COSO. Extensive knowledge of IT risk management processes including ERM. Advanced level knowledge of information security standards and practices including NIST 800 SP series and ISO 27001/27002. Advanced knowledge of IT technical areas (e.g., operating systems, network, middleware, database, security, contingency, day-to-day operations, etc.). Knowledge of project management principles and advanced problem resolution skills.

Interpersonal Skills:

Ability to interact comfortably and successfully on all management and staff levels and with various internal and external audit entities. Proven negotiation and relationship management skills are necessary to develop solutions to sensitive situations. Ability to foster relationships which provide for effective ongoing communication.

Leadership:

Must be able to lead and motivate staff and management and get successful results with no direct authority.
Ability to influence and obtain the support of others from across the organization so that our obligations to the auditors are accomplished. Must be able to advise management on how they can manage risks. Ability to lead changes to operating policies or practices. Must be able to assume a project leadership role as necessary to support system, division and department initiatives.

Analysis & Decision Making:

Advanced analytical, problem-solving, design, and implementation skills to facilitate resolution of technical compliance issues and support maintenance of an effective controls environment. Expertise and professional judgment to assist others with interpreting requirements and developing compliant processes and procedures. Ability to analyze control issues and requirements and consistently arrive at appropriate decisions regarding the implementation of requirements and reporting of results. Must use good judgment and recognize when issues require senior level involvement. As a frequent contributor to special projects and ad hoc meetings, ability to identify relevant issues and effectively support the decision-making process.

Communication:

Excellent verbal and written communication skills are required to coordinate activities on all levels. Must be able to develop and deliver presentations to satisfy stakeholder expectations. Ability to produce clear, accurate, and timely status reporting. Must be comfortable and effective in initiating conversations and communications necessary to resolve issues.

Self Management:

Self-directed with initiative, follow-through and the ability to work and manage independently to complete multiple initiatives simultaneously with tight deadlines. Must lead change where appropriate and adapt effectively to evolving requirements. Actively seeks responsibility and assumes ownership of results. Ability to work effectively in cross-functional, multi-location environment. Demonstrates irreproachable business ethics in all activities.
Independent Judgment/Complexity:

A high level of independent judgment is needed in order to lead the assessment of the adequacy of compliance efforts across the organization and the resolution of frequent ad hoc issues. Issues can become complex from a technical and organizational standpoint. This position requires the ability to research and understand complex issues and to demonstrate sound judgment in contributing to and arriving at decisions.

Supervision/Leadership:

Performs own work with high degree of independence. Acts in an oversight role monitoring and reviewing work of others. Ability to organize and lead special project efforts and teams. Ability to influence and drive process change as necessary.

Other Requirements:

Extended hours often required (and often sitting) to meet deadlines. Occasional travel is required and may include overnight stays and multi-day trips. Position requires the use of desktop automation tools.

Federal Reserve Information Technology offers competitive salaries, excellent benefits, progressive technology, and the greatest co-workers.
CareerBuilder - 11 months ago