IT GRC/Vendor Risk Associate - Infrastructure Business Office
Vacancy expired!
Dorchester, United States of America
WHAT YOU WILL BE DOING
The IT GRC/Vendor Risk Associate will be part of the Infrastructure Business Office, representing the First Line of Defense, and is responsible for partnering with key FLoD and SLoD stakeholders to ensure strong internal controls capabilities and remediation of the internal control environment for the represented business line and/or functional area. The Associate works to identify, assess and action various risks throughout the assigned business line by executing defined risk programs including but not limited to issue management, vendor management, material risk program, and other key risk management routines.
Responsibilities:
- Adherence to Risk Frameworks, Policies, and Standards: Partner with Business Control Officer and SLoD to provide input/review of frameworks, policies and standards. Facilitate Business Line awareness of and adherence to risk frameworks, policies, and standards and issue validation. Report and escalate exceptions and facilitate Business Line corrective actions.
- Analyzes documentation for evidence of successful and efficient performance.
- Applies developing knowledge and supports the design, assessment, and/or administration of quality assurance programs, practices and policies.
- Assists in the collection and initial analysis of data, preparation of business owner control surveys.
- Communication & Training: Work with team members and key stakeholders to develop appropriate metrics and deliver relevant and accurate data. Work with internal teams to gain an in-depth understanding of existing risks, causes, severity rating, controls and remediation. Maintain two-way communications with SLoD.
- Facilitate training for Business Lines to provide awareness of risk frameworks, policies, programs, processes, etc.
- Conducts quality audits on all routine and complex transactions and correspondence to ensure proper processing according to established quality standards.
- Continuously monitors all sources of risk existing within the Business Line and externally. Engage in research, peer networking, and experience to anticipate critical risk issues impacting the Business Line. Understand where operational, strategic, reputational, compliance, and model risks exist in the Business Line and continually assess and improve controls to mitigate those risks. Monitor Key Risk Indicators and report on negative/adverse trends in Business Line. Monitor risk profile to maintain tolerance within Risk Appetite.
- Develops training on policies and procedures concerning controls and risk management.
- Drive Risk Culture: Ensure awareness in the Business Line of risk frameworks, policies and standards.
- Exam Management: Liaison with the Business Line for all exam related activities including regulatory, Internal Audit and Credit Risk Review. Review materials, responses and validate Business Line remediation work (e.g. artifacts, action plans, etc.). Independently conduct internal control testing including on-site observations, interviews with management and staff, analytical procedures and statistical/judgmental analysis and testing of data.
- Internal Control Testing: Implement and maintain internal control testing and control effectiveness monitoring in the Business Line. Validate the adequacy of controls, escalate deficiencies as appropriate. Identify root causes of control deficiencies/weaknesses and take appropriate action to ensure Business Lines remediate and prevent recurrence.
- Interprets regulations affecting control standards with a large degree of independence and suggests methods of updating policies and practices to address any risk concerns.
- Leads operating process and internal control improvement initiatives.
- Manages complex projects that involve working with businesses to improve controls to mitigate any deficiencies.
- Partners with Internal Audit, Compliance, and/or Operations Management to share information and escalate issues as needed.
- Provides thematic analysis of issues for business to identify emerging trends.
- Reports audit results and determines corrective action plans, as necessary.
- Reviews current policies and procedures to identify process gaps and opportunities for improvement.
- Reviews, monitors and tests internal controls and procedures associated with products, services, customers and operations.
- Support the implementation of Key Risk Indicator (KRI) framework: Formally define and document metric definition details (metric type, provider, approver, numerator & denominator descriptions, source, scope, thresholds, Risk Basel category) in the centralized repository. Support structured metric submission process with established timeline and requirements.
- Through walkthroughs and testing, identifies possible internal control breakdowns and gaps and reports them to management.
- Where applicable, Issue Identification, Management, and Risk Assessment: Vendor management. Conduct RCSA responsibilities including Process Mapping, Risk & Control Matrices, Inherent Risk Assessments, Internal Control testing and Heracles data/input. Engage and hold Business Line process owners accountable to identify and assess risks. Support Business Lines in risk identification (e.g. NPBA, change management, etc.). Ensure all issues (Self-Identified, IA, Credit Risk Review or Regulatory) pertaining to the Business Line are resolved within established timelines. Validate issues to ensure Business Line remediation is sufficient to address root cause and prevent recurrence.
- Works with the business to understand the controls currently in place to minimize risk.
- Bachelor's Degree; Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field.
- Master's Degree; Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field or equivalent work experience.
- 5-9 years; Risk Management, Internal Controls, Auditing, Credit Management, relevant line of business experience and/or legal or regulatory experience.
- Risk Certification
- Ability to build credibility with, collaborate with, and influence line of business executives.
- Ability to build internal and external networks of information resources within the risk management ecosystem.
- Ability to collaborate with internal and external service providers to establish resource requirements, scheduling, assignments and service levels.
- Ability to constructively work both independently and in collaborative environments involving all levels of management and employees.
- Ability to deliver high quality documentation with focus on attention to detail.
- Advanced understanding of the regulatory environment and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators.
- Demonstrated experience supporting and/or leading risk projects across multiple business lines offering a wide variety of financial services products and services.
- Excellent analytical and complex problem-solving skills.
- Knowledge of the financial services sector, particularly with the competitive dynamics and products in retail banking and risk management.
- Strong project management skills.
- Understanding of BSA/AML and OFAC regulations, regulatory expectations and industry leading practices.