Risk & Controls Specialist

Job Description

IntroductionTo innovatively support the heavily regulated Financial Services Industry, a $260B Cloud market opportunity, IBM has established a Cloud solution tailored for the financial services sector, an extremely differentiated Cloud that accelerates our customer s business transformation with our IBM Cloud, Global Business Services and Global Technology capabilities.The IBM Cloud for Financial Services is designed to address cybersecurity and regulatory challenges as well as provide the benefits and flexibility of a public cloud in a secure and compliant environment, enabling financial institutions, Independent Software Vendors (ISV) and FinTech s to host applications and workloads in the Cloud with confidence and trust.To achieve its aims, IBM is seeking a Risk & Controls Specialist with financial services, cybersecurity, and technology risk management expertise to join the team. The Specialist will be part of the Control Assessment Service (CAS) program that allows clients to assess their current cloud risk and control posture to an industry informed framework.Your Role and Responsibilities The Risk & Controls Specialist provides support for those looking to take a risk-centric approach to their digital transformation for application modernization to cloud. This role also helps clients and internal IBM partners to understand key security issues, risks, exposures and to develop approach to meet business needs. Key areas of responsibility include:
• Controls Mapping & Assessment: Partner with the team to produce controls mapping assessment reports showing how the IBM Cloud Framework for Financial Services control requirements compares to key industry and regulatory standards/frameworks, as well as the financial institutions (FIs) internal control frameworks. Specialist should be ready to provide organization and thought leadership to ensure that the overall mapping program remains agile, rapid and scalable. Specialist will also employ data analytics tools and related automation, e.g., AI, to drive controls intake process and initial gap analysis. To achieve program aims, the Risk Specialist should:
  • Ensure program initiatives continue to align to organizational objectives.
  • Develop program assessment methods to drive efficiencies and evaluate service for ongoing improvement.
  • Determine whether financial institution (FI) has a scrutable control set managed by a strong enterprise risk management function.
  • Coordinate multiple in-flight assessments, ensuring program aims are delivered in a timely manner.
  • Evaluate and overcome program risks and produce program reports for internal management & other key stakeholders.
  • Contribute to development and on-going enhancement of Risk & Insights program methodology/process documentation.
  • Maintain team s Key Performance Indicators (KPIs) and Service Level Agreements (SLAs)
• IBM Cloud Framework for Financial Services: Support effectiveness and continuous enhancement of the controls framework and associated methodology that drives the security and risk architecture. Related engagement may include efforts to:
  • Coordinate with the IBM Public Cloud CISO, Compliance teams, Offering/Product Management and strategic partners in confirming completeness and on-going enhancement.
  • Provide subject matter expertise to strengthen controls design and implementation effectiveness.
  • Work with architecture and security in strengthening the controls implementation and effectiveness.
  • Help support development of client and internal facing collateral providing insights and transparency.
• Client and Service Partner Risk & Controls Enablement: Works with client and service partner account teams to support risk and controls tracks focused on winning clients.
Required Technical and Professional Expertise
• 5+ years of cybersecurity, IT risk management, IT audit and/or compliance experience, particularly within the financial services sector
• Professional certification such as CISA, CISSP, CISM and CRISC.
• Understanding of global financial services regulatory bodies that oversee technology and cybersecurity risk in the industry, e.g. FFIEC, FCS, RBI, EBA (DORA), APRA, OSFI, MAS, CMORG, ECUC, EUCS etc.
• Prior experience of proof reading/interpreting regulations along with ability to gauge possible associated risks.
• Strong proficiency of multiple security, IT Compliance and auditing standards including but not limited to, NIST Cybersecurity Framework, NIST 800-53, COBIT, ISO 27001, CRI Profile, OWASP, ITILv3, CSA.
• Subject matter expertise in IT operations & security control domains such as cloud security, application security, change management, disaster recovery, data center operations, information security and networks.
• Exceptional leadership, time management, facilitation and organizational skills including the ability to exercise influence with or without direct management responsibility.
• Ability to utilize expertise to directly influence people outside department or function, even where no precedent exists.
• Creativity and judgment to move between multiple projects within the business.
• Demonstrated discretion and independent judgment, especially in matters of significance to IBM and clients.
Preferred Technical and Professional Expertise
• Experience with cloud transformation risk management journey.
• Practical knowledge of security in application development, DevSecOps, and threat modelling.
,

Keyskills :
it risk managementdata center operationssubject matter expertiseenterprise risk management