Manage, conduct & monitor a risk-based Technology Testing Program covering Technology Processes, Applications & Infrastructure for SLOD by coordinating with first and third lines of defense, as well as other technology risk management stakeholders, including regulators
Assist in assuring alignment of the technology testing strategy (Test of Design & Test of Effectiveness) between Business, Technology and Risk Management across the organization
Provides consulting and support for various IT-related SME areas and initiatives to identify and mitigate operational risk in business activities. Provides technical support to the team for issues identified in the testing.
Implements testing strategies and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; identifies operational risk issues; advises management on risk ratings and evaluates ratings against established policy standards.
Maintaining effective connections and processes with other risk programs, key risk types, subtypes and others as warranted
Staying informed of, and communicating, new or emerging risks, including appropriate escalation of concerns and issues, assuring the expected controls and control risk library are accurate, up to date and comprehensive at all times.
Examining and providing input and feedback on the monitoring of existing risk profiles and practices, including appropriate escalation of concerns and issues
Working with all stakeholders to assure each has the tools, processes and expertise to effectively manage technology risks and the Control Testing policy, methodology and process
Document Testing Findings and generate periodic risk reports on the current status of Technology Risks
Promoting program awareness and providing communication/training regarding the program for all stakeholders
As the Technology Risk Review and Oversight Control Testing function is new for the Enterprise, this position will also play a key role in helping to implement and execute the Testing Program to effectively and efficiently operationalize this function. This may include the following activities:
Offering input and feedback on defining functional governance structures/processes, risk appetite/tolerances and reporting.
Reviewing and assisting with implementation of the appropriate industry technology risk management frameworks.
Offering input and feedback on the development and implementation of enterprise-wide technology risk policies, procedures, systems and controls.
Offering input and feedback on the development and execution of control testing plans.
Offering input and feedback on developing and executing plans to address gaps and improve the effectiveness of technology risk management, paying particular attention to trends in financial services and other highly regulated industries.