HERE’S HOW YOU’LL CONTRIBUTE:
Security Controls and Compliance:
Conduct independent, comprehensive assessments of management, operational, and technical security controls to evaluate their effectiveness and ensure compliance with organizational standards.
Lead or support the development and implementation of remediation plans to resolve identified control deficiencies. Conduct pre-validation testing to confirm action plan completion and mitigate risks.
Administer and maintain artifacts to support a secure Trust Center, enabling customers to access relevant security information.
Utilize and manage the GRC (Governance, Risk, and Compliance) tool to oversee the security controls program, perform operational tasks, and recommend improvements for efficiency.
Support the implementation and maintenance of IT General Controls (ITGC) and IT Application Controls to strengthen the organization's compliance posture.
Assist in developing and implementing FCT’s IT Risk Governance Framework and conducting IT certifications or annual assessments to minimize information security risks.
Ensure compliance with industry frameworks and standards such as ISO 27001, SOC 2, PCI DSS, NIST CSF, CSA-CCM, and CSA-CSTAR.
Audit and Risk Management:
Manage internal, external, third-party, and client-initiated audit activities, acting as the primary liaison between auditors and IT/business units.
Serve as the escalation point for audit-related issues, delays, or concerns, supporting stakeholders throughout the audit lifecycle.
Collaborate with the Legal and Compliance team to track and remediate IT issues identified during audits, attestations, or project assessments.
Contribute to security risk assessments for processes, projects, and vendors, identifying and implementing necessary controls to mitigate risks.
Operational and Stakeholder Support:
Build and maintain strong relationships with stakeholders across the first, second, and third lines of defense, including Risk, Compliance, and Audit teams.
Participate as a Subject Matter Expert (SME) in RFP responses, addressing information security components to meet client requirements.
Monitor and manage periodic control reviews, ensuring timely completion of assigned security tasks and reporting schedules (weekly, monthly, quarterly).
Assist in implementing and managing physical access controls for assigned office and data center locations.
Continuous Improvement and Best Practices:
Stay informed about industry trends, best practices, and emerging developments in security and risk management.
Promote effective security practices, technologies, and processes in collaboration with stakeholders such as Legal, Finance, Compliance, and HR.
Identify opportunities for improvement in tools, processes, and security practices to enhance operational efficiency and risk mitigation.
Communicate effectively with technical and non-technical audiences, utilizing strong written and verbal communication skills.
HERE’S WHAT YOU’LL BRING:
5+ years of work experience in IT compliance, IT governance, and/or information security groups within a financial or insurance industry setting
College or university degree in Information Technology or related discipline
CISA, CISM and/or CISSP is required for this position
Experience defining audit objectives and control processes related to financial reporting, PCI DSS, ISO 27001:2022 and CSAE3416/SOC 2
Experience coordinating audit activities with internal and third-party auditors