Vice President, Technology Risk

Position Description: 

Manages and oversees all external audit activity related to financial reporting, independent controls attestation, and compliance with regulatory requirements. Oversees external audits and technology risk support for inquiries from technology and operational stakeholders. Manages systems and technology for external audit activity, including attestation and financial statement audits. Draws on in-depth knowledge of the business or function to provide business unit-wide solutions. Researches and recommends new technologies in support of the strategic direction of the business unit and participates in the research and recommendation of appropriate models, methods, tools, and technologies to achieve business-unit-wide solutions. Provides leadership, technical supervision, and expertise to multiple teams in broad technical areas on complex organization-wide projects and drives standardization and best practices across the firm. 

Primary Responsibilities: 

• Manages systems and technology for external audit activity, including attestation and financial statement audits. 

• Ensures control readiness for externally audited systems moving to external Cloud. 

• Consults on enterprise DevOps strategies. 

• Responsible for readiness, oversight, and program management for newly implemented SOC 2 audits. 

• Establishes and leads teams into Type 2 engagement or future trust services criteria as required. 

• Transforms current “reactive” approaches to controls design or inspection to proactively manage the system scope of external audits and inspection procedures. 

• Oversees externally audited databases, Cloud, and SaaS application and database providers 

• Ensures risks are identified and controls are documented, certified, tested, and monitored. 

• Assesses the usefulness of pre-developed application packages and adapts them to user environments. 

• Consults with management to ensure agreement on system principles. 

• Coordinates and links computer systems within an organization to increase compatibility. 

• Manages relationship with external audit firm. 

• Works across groups to identify opportunities for organization-wide technology initiatives. 

• Identifies and plans for future resource needs. 

• Determines technical approaches at a strategic level for the business unit. 

• Oversees the technical implementation of cross-divisional or company risk components. 

• Initiates and drives project or strategy discussions with users or external groups to resolve issues. 

• Sets vision, goals, and direction of team/organization. 

• Plans and leads organization-wide initiatives. 

Education and Experience: 

Bachelor’s degree (or foreign education equivalent) in Computer Science, Computer Information Systems, Engineering, Information Technology, Information Systems, Mathematics, Physics, or a closely related field and six (6) years of experience as a Vice President, Technology Risk (or closely related occupation) leading or coordinating internal or external audit functions in a financial services environment.  

Or, alternatively, Master’s degree (or foreign education equivalent) in Computer Science, Computer Information Systems, Engineering, Information Technology, Information Systems, Mathematics, Physics, or a closely related field and four (4) years of experience as a Vice President, Technology Risk (or closely related occupation) leading or coordinating internal or external audit functions in a financial services environment. 

Skills and Knowledge: 

Candidate must also possess: 

• Demonstrated Expertise (“DE”) coordinating external audit engagements within a large distributed enterprise with multiple product offerings -- SOC 1, SOC 2, SOC 3, controls attestation reports, financial audits, and ISO 27001 external IT audit programs; facilitating workshop meetings and walkthroughs with internal IT organizations and external auditors; coordinating responses to auditor requests for information with internal IT organizations; maintaining in-scope IT General Control (ITGCs) documentation and procedures; providing recurring management status reporting; and developing communications for internal and external audiences. 

• DE executing an IT controls assurance program by identifying and designing new controls, evaluating control procedures and evidence documentation, and conducting control assessments through formal design and operating effectiveness reviews; and establishing control maturity and control/process enhancements using industry control frameworks – AICPA Trust Service Criteria, ISO 27001 certification standard, ISO 27002 code of practice for information security management, and NIST Cybersecurity. 

• DE performing risk management and IT audits; implementing cybersecurity controls for large-scale, complex IT infrastructures -- mainframe, distributed, network, cloud, vendor hosted (SaaS/PaaS) -- within a financial services environment; and creating executive communications focused on risk, impact, and corrective actions using existing Governance, Risk, and Compliance (GRC) tools (RSA Archer or IBM Open Pages). 

• DE leading teams and associates in management of governance and oversight functions; and coordinating risk/controls, cybersecurity, and IT audits, within large, complex, and distributed financial services organization. 

#PE1M2 

#LI-DNI