Premier Employers are industry leaders that have forged exclusive partnerships with Meytier to forward our shared mission to offset bias in hiring, and are only visible to members of the Meytier community.
EXCLUSIVELY ON MEYTIER
You're in luck. This opportunity exclusively available through Meytier.
The Sr. Risk Manager role is responsible for providing oversight and governance of technology risks to ensure that the organization operates in a safe and sound manner within regulatory expectations. The candidate will join a first-line-risk team working directly with enterprise technology enablement teams (e.g. Cloud Platform, Cloud SRE, Architecture, Infrastructure.) to proactively identify, assess and mitigate risk as aligned with the enterprise risk appetite framework and industry best practices.
Key Responsibilities:
Act as a technical Subject Matter Expert on assigned projects and working groups responsible for identifying risks and controls inherent in various technical processes in the CI/CD pipeline and DevSecOps procedures.
Collaborate directly with technical contributors supported by the risk team to document process maps, procedures, control adequacy worksheets, control test steps and job aides utilizing Visio, Confluence, and other enterprise documentation tools.
Respond to internal and external audits, regulatory exams, and other requests for information. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses.
Identify risk issues, create issue documentation in the enterprise system of record, GRC Archer, steward issue through second line approval, action plan and target date management and submit evidence for issue closure or significance downgrade when appropriate.
Analyze and interpret available risk and security data from GRC, Splunk, DataDog, ServiceNow, Nexus, Qualys and similar tools to identify risk trends, risk gaps, potential controls and risks.
Partner with first-line-risk and third-party-risk colleagues to complete routine risk management tasks and ceremonies, such as Risk and Control Self-Assessments (RCSAs), Ad-hoc Risk Assessments, Business Initiative Risk Assessments, Procedure Updates, Complementary User Entity Control Reviews, Second Line Risk Management Challenges, and so on.
Develop well-written, comprehensively-researched and data-driven risk reports within assigned deadlines.
Act as a primary liaison with business stakeholders to identify, track, report, and continuously manage Technology Risk exposure associated with their day-to-day activities in an on-demand consultative capacity.
Utilizing time-management and organizational skills as well as enterprise productivity tools such as Jira, manage multiple simultaneous time-sensitive workloads ensuring not to miss target dates, submission deadlines.
Stay current on changes to business processes, internal policy/standards, and industry trends in the evaluation of the potential impact on the banks risk profile.
Establish and maintain an effective business relationship with business partners, key project stakeholders, Audit and Governance teams, and subject matter experts to advise and support the business lines in preventing and mitigating risk.
Desired Profile:
Technical capability or knowledge of Information Technology, Information Security, and/or Data Management, including some of the following:
Public Cloud Infrastructure and related services (AWS, Azure, etc.).
Knowledge of Continuous Integration/Development (CI/CD) pipeline tools such as TerraForm, OpenShift, Bitbucket, GitHub, Jenkins, Nexus
Security Tools such as SonaType, Fortify, Qualys, Prisma, Splunk, CyberArk.
Operating systems such as RHEL, Windows, VMWare ESX.
Database technologies such as RDS, MongoDB, Redshift
Application design, network architectures, monitoring and resilience.
Experience with tools such as Excel, ServiceNow, Datadog and Tableau for collecting, analyzing and interpreting data from multiple sources, documenting the results and providing meaningful insights and conclusions.
Understanding of agile ways of working and related tools: Confluence, JIRA, etc.
Knowledge of internal controls, control frameworks (e.g. NIST, CoBIT, ITIL)and risk self assessment
Strong interpersonal skills to effectively communicate complex technical and risk matters with a view to drive understanding and alignment across a variety of technical and non-technical audiences.
Strong research, critical/analytical thought process, problem solving and writing skills.
Flexible and adaptable to change; ability to work comfortably with incomplete information and deal with ambiguity in a fast-paced environment.
Project management and autonomous prioritization skills to support complex concurrent assignments.
Education:
Minimum of 5 years of IT contributor, risk management, Internal Audit or equivalent experience
Master’s Degree (Business / Security / IT Related) or Bachelor’s Degree and equivalent career experience
Certifications Preferred:
Certifications in Information Technology, Security, Design and/or risk certifications preferred but not required (e.g., CISA, CISM, CCNA, CISSP, CRISC, AWS Cloud Practitioner or Azure Fundamentals).
Is this job not quite the right fit? No worries, Meytier has hundreds of active, open jobs. Browse more opportunities here. If you’d like to connect with a Meytier champion for help in your job search, create an account here.
{"group":"Organization","title":"Sr Technology Risk Manager- Cloud Infrastructure","skills":"<ul><li>Technical capability or knowledge of Information Technology, Information Security, and/or Data Management, including some of the following:</li><li class=\"ql-indent-1\">Public Cloud Infrastructure and related services (AWS, Azure, etc.).</li><li class=\"ql-indent-1\">Knowledge of Continuous Integration/Development (CI/CD) pipeline tools such as TerraForm, OpenShift, Bitbucket, GitHub, Jenkins, Nexus</li><li class=\"ql-indent-1\">Security Tools such as SonaType, Fortify, Qualys, Prisma, Splunk, CyberArk.</li><li class=\"ql-indent-1\">Operating systems such as RHEL, Windows, VMWare ESX.</li><li class=\"ql-indent-1\">Database technologies such as RDS, MongoDB, Redshift</li><li class=\"ql-indent-1\">Application design, network architectures, monitoring and resilience.</li><li>Experience with tools such as Excel, ServiceNow, Datadog and Tableau for collecting, analyzing and interpreting data from multiple sources, documenting the results and providing meaningful insights and conclusions.</li><li>Understanding of agile ways of working and related tools: Confluence, JIRA, etc.</li><li>Knowledge of internal controls, control frameworks (e.g. NIST, CoBIT, ITIL)and risk self assessment</li><li>Strong interpersonal skills to effectively communicate complex technical and risk matters with a view to drive understanding and alignment across a variety of technical and non-technical audiences.</li><li>Strong research, critical/analytical thought process, problem solving and writing skills.</li><li>Flexible and adaptable to change; ability to work comfortably with incomplete information and deal with ambiguity in a fast-paced environment.</li><li>Project management and autonomous prioritization skills to support complex concurrent assignments.</li></ul>","zohoId":"","endDate":"2024-06-19T18:30:00.000Z","isDraft":false,"jobType":"Full Time","job_url":"2862-citizens-sr-technology-risk-manager-cloud-infrastructure","agencyId":1,"benefits":"<p><span style=\"color: rgb(34, 34, 34);\">We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity /paternity leave, flexible work arrangements, education reimbursement, wellness programs and more.</span></p>","betaMode":false,"clientId":"35","location":[{"lat":41.5800945,"lon":-71.4774291,"zip":"","city":"","text":"Rhode Island, USA","state":"Rhode Island","country":"United States","is_city":false,"is_state":true,"is_country":false,"state_code":"RI","countryCode":"US","isLocationSet":true,"isLocationResolved":true}],"eeocFound":true,"maxSalary":"","minSalary":"","questions":[],"startDate":"2024-06-04T18:30:00.000Z","hiringSPOC":["Amol Todkari"],"hiringTags":[],"onBehalfOf":"49","companyName":"Meytier","description":" ","isHybridJob":true,"isRemoteJob":true,"salaryRange":"<p><span style=\"color: rgb(34, 34, 34);\">$120k-$140k</span></p>","titleSkills":[{"keyword":"cloud infrastructure","node_id":"i10192","removed":false,"node_ptr":[["meytier_root","information technology","it management","it infrastructure & networking","it infrastructure","cloud infrastructure"]],"priority":-1,"alignedTF":true,"must_have":false,"node_name":"cloud infrastructure","extractedTF":true,"not_a_skill":false,"nice_to_have":false,"nodeAlignedWt":20,"is_industry_term":false,"gender_threshold_yn":"","final_node_fft_weights":{"it infrastructure":1},"final_node_skarea_basetype":""}],"otherCohorts":[],"benefitsFound":true,"hiringManager":["User / Info not available"],"maxExperience":10,"minExperience":5,"type_of_slate":"job","hiringFunction":["Technology & IT Delivery"],"isOnPremiseJob":true,"onBehalfOfName":"Citizens","otherlocations":[],"blindHiringMode":false,"experienceLevel":"Mid / Senior","numberOfOpenings":"1","otherCohortsName":"","responsibilities":"<ul><li>Act as a technical Subject Matter Expert on assigned projects and working groups responsible for identifying risks and controls inherent in various technical processes in the CI/CD pipeline and DevSecOps procedures.</li><li>Collaborate directly with technical contributors supported by the risk team to document process maps, procedures, control adequacy worksheets, control test steps and job aides utilizing Visio, Confluence, and other enterprise documentation tools.</li><li>Respond to internal and external audits, regulatory exams, and other requests for information. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses. </li><li>Identify risk issues, create issue documentation in the enterprise system of record, GRC Archer, steward issue through second line approval, action plan and target date management and submit evidence for issue closure or significance downgrade when appropriate. </li><li>Analyze and interpret available risk and security data from GRC, Splunk, DataDog, ServiceNow, Nexus, Qualys and similar tools to identify risk trends, risk gaps, potential controls and risks.</li><li>Partner with first-line-risk and third-party-risk colleagues to complete routine risk management tasks and ceremonies, such as Risk and Control Self-Assessments (RCSAs), Ad-hoc Risk Assessments, Business Initiative Risk Assessments, Procedure Updates, Complementary User Entity Control Reviews, Second Line Risk Management Challenges, and so on.</li><li>Develop well-written, comprehensively-researched and data-driven risk reports within assigned deadlines.</li><li>Act as a primary liaison with business stakeholders to identify, track, report, and continuously manage Technology Risk exposure associated with their day-to-day activities in an on-demand consultative capacity.</li><li>Utilizing time-management and organizational skills as well as enterprise productivity tools such as Jira, manage multiple simultaneous time-sensitive workloads ensuring not to miss target dates, submission deadlines. </li><li>Stay current on changes to business processes, internal policy/standards, and industry trends in the evaluation of the potential impact on the banks risk profile.</li><li>Establish and maintain an effective business relationship with business partners, key project stakeholders, Audit and Governance teams, and subject matter experts to advise and support the business lines in preventing and mitigating risk.</li></ul><p><strong>Education:</strong></p><ul><li>Minimum of 5 years of IT contributor, risk management, Internal Audit or equivalent experience</li><li>Master’s Degree (Business / Security / IT Related) or Bachelor’s Degree and equivalent career experience </li></ul><p><strong>Certifications Preferred:</strong></p><ul><li>Certifications in Information Technology, Security, Design and/or risk certifications preferred but not required (e.g., CISA, CISM, CCNA, CISSP, CRISC, AWS Cloud Practitioner or Azure Fundamentals).</li></ul>","extractedSkillIds":["d31545658","i10192"],"maxSeniorityLevel":6,"minSeniorityLevel":3,"otherJobReference":"","sharpenedJobTitle":"Sr Technology Risk Manager- Cloud Infrastructure","job_category_group":"2","growthOppurtunities":[],"educationQualification":"Baccalaureate Degree","skillSenNormalizedTitle":"","extractSkillsFromHereToo":true,"normalizedTitleSkillsObj":{},"companyTeamJobIntroduction":"<p><strong>About Role</strong>:</p><p>The Sr. Risk Manager role is responsible for providing oversight and governance of technology risks to ensure that the organization operates in a safe and sound manner within regulatory expectations. The candidate will join a first-line-risk team working directly with enterprise technology enablement teams (e.g. Cloud Platform, Cloud SRE, Architecture, Infrastructure.) to proactively identify, assess and mitigate risk as aligned with the enterprise risk appetite framework and industry best practices. </p>","dNIEEOCTextFocusOtherControl":"<p><span style=\"color: rgb(34, 34, 34);\">At Citizens we value diversity, equity and inclusion, and treat everyone with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.</span></p>","expertise_coreskill_or_product":["cloud infrastructure"],"displayJobDescriptionSimpleForm":true,"expertise_coreskill_or_product_id":["i10192"],"job_id":"2862"}
