Sr. Manager of Technology Risk & Controls
Remote • United States
Experience Level
Desired Skills
  • Bachelor's Degree with at least 5 years of experience in technology risk management or Master's Degree with 3 years of experience
  • Knowledge of software development methodologies, particularly Agile/Scrum methodologies
  • Exceptional analytical, coordination and collaboration skills and the ability to communicate effectively with all levels of the organization and external parties
  • Regulatory compliance experience (OCC, FINRA, CFPB and/or FRB) desired
  • Experience in technology control optimization, testing and monitoring
  • Experience working with Information Security Risk Assessment methodologies such as ISO 27005 and NIST SP 800-53
  • Experience working with Information Security control frameworks such as ISO 27001/27002, SOC I/II, PCI DSS, FFIEC CAT, NIST 800-53
  • Experience working with the second line of defense (Risk and Compliance) and third line of defense (Internal Audit) teams on issues life cycle, examinations, and emerging trend identification, and Business Continuity/Disaster Recovery
  • Experience working within an IT or Engineering organization with hands-on IT solution implementation
  • Coordinate the development, implementation, compliance with and ongoing maintenance of IT policies, standards and procedures and ensure that all IT policies, standards and procedures are compliant with regulatory expectations as well as Varo's defined policies
  • Drive, coordinate and monitor the progress of initiatives/projects related to the remediation of audit findings or control weaknesses, gap analysis results, risk assessment results, and incidents, to minimize the impact of risk and threats to the technology of the Bank
  • Establish IT Business Continuity Plan (BCP) and Disaster Recovery (DR) testing methodologies and lead regular IT DR and BCP exercises in partnership with the Risk Management function
  • Oversee the execution of first-line controls self-assurance and risk assessment activities (ad hoc controls review, risk and control self-assessment (RCSA)) and support independent risk and audit activities as needed. Lead gap remediation efforts as a result of RCSA findings
  • Provide progress reports on implementing information systems controls to inform stakeholders and ensure that deviations are promptly addressed
  • Conduct IT controls testing to ensure they are working as designed and in accordance with policies and procedures
  • Assess and recommend tools and techniques to automate information systems control verification processes
  • Consult on controls design and efficiency with operations partners in support of their commitments to align with all applicable laws, regulations, and internal Varo policies and procedures
  • Drive risk culture and accountability, specifically influence self-identification and disclosure of control self-assurance gaps
  • Ensure gaps are identified and mitigated via remediation plans that adhere to Varo processes including timely issue and corrective action submission, accurate root cause identification, corrective action monitoring, and on-time closure
  • Facilitate the establishment, identification, collection and active monitoring of metrics and key performance indicators (KPIs) and key risk indicators (KRIs) to enable the measurement of information systems control performance in meeting business objectives
  • Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity
  • Review activities related to GLBA, FFIEC CAT and NIST impacting IT in partnership with CISO org
  • Serve as a liaison to auditors and the Bank Committees as it relates to Technology group activities

501-1,000 employees

Online banking