- Brooklyn, NY, États-Unis
- CDI, Plein-temps
Cybersecurity & Technology Controls – Audit & Regulatory, Controls Attestations
- Brooklyn, NY, États-Unis
Cybersecurity & Technology Controls – Audit & Regulatory, Controls AttestationsThe CIB CTC Audit & Regulatory, Controls Attestation team manages planning and execution of 3 rd party attestation engagements (SOC1, SOC2, ISAE 3402, AT-C 205) as well as ensure readiness and remediation across internal/external audit and regulatory exam scopes, ensuring ability to meet the demands of external clients across lines of business. Remediation includes management of audit findings, root cause analysis, regulatory intelligence and change management.
The Associate role will support Audit & Regulatory team functions, and requires liaising with various stakeholders including Technology Risk & Controls managers, technology management as well as interfacing with external and internal auditors to help facilitate execution and reporting across the global technology and technology risk functions. Successful execution of responsibilities requires strong organizational and written and verbal communication skills.
Support team leads in coordination of execution of CIB controls attestation programs may include -
- Facilitate program readiness processes, including scope validation and reference data tracking and attestations, to validate that key risks are addressed prior to initiation of audits
- Engage with Client Services and Relationship Management teams to support responses to firm clients concerning audit contents and results
- Monitoring and facilitation of execution of ongoing engagements in progress
- Examine results of internal / external audits for potential cross-impacts on other program
- Tracking and assessment of IT control testing exceptions, identification relevant compensating controls for deficiencies and oversee remediation, validation and closure of deficiencies within defined timeframes
- Promote development of educational / guidance resources for use by Technology Risk & Controls and Technology personnel
- Support development of New Reports: Partner with internal business owners, O&C and external auditors to identify appropriate form of reporting (e.g., SOC1, SOC2, AT-205, etc.) to meet client and/or regulatory requirements; taking the lead in report development, readiness and execution.
- Ensure quality standards are achieved in development and maintenance of program documentation
- Development of educational / guidance resources for use by Technology Risk & Controls and Technology personnel
- Track and communicate overall progress of various program, ensuring complete and timely reporting on program status to senior management stakeholders
- Knowledge of information technology and auditing of IT general computer controls. "Big 4" IT controls audit experience, with Senior Associate level audit experience preferred
- Strong organization and written communication -- including documentation and reporting -- skills
- High energy and a passion for the delivery of high quality project outcomes
- Project management skills, with proven ability to deliver quality results in a deadline-driven environment
- Results oriented, strong sense of ownership, detail oriented, quality-focused
- Ability to work effectively in a global team environment and drive results in a matrixed organization