[ref. r8551902] Technology Controls Testing, ETRM - Manager
Job Description
Who we are
It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. ETRM in its capacity as Second Line of Defense (SLOD) is responsible for leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, security, and resiliency.
Who we are looking for
Controls Testing and Assurance is a key function within SLOD that evaluates Information Technology controls and provides independent feedback on their adequacy. As a representative of the ETRM group, you will work amid State Street's multi-year technology transformation journey and regulatory requirements, and you will be responsible for providing independent risk oversight, review and challenge on the technology risk controls testing and assurance program.
What you will be responsible for
As an Officer, Technology Controls Testing - ETRM, you will be responsible for:
- Execute Test of Design (TOD) and Test of Effectiveness (TOE) of IT controls, including entity and process level controls, IT general and application controls
- Document accurate and detailed work papers clearly describing the tests, the results of work performed, and conclusions reached.
- Manage testing artifacts, including meeting minutes, action items, risk, and issues logs.
- Recommend improvements (if any) in controls design through awareness of technology and information security focused regulatory requirements and best practices.
- Evaluate all control deficiencies and identify root causes.
- Collaborate with technology teams across the First Line of Defense (FLOD) so that they develop strong remediation plans. Monitor implementation for timely remediation of control weaknesses.
- Deliver assigned projects independently on time, with limited support from management.
- Assist senior team members in completing basic research and analysis of the technology controls to develop Controls Testing and Assurance Oversight Framework influencing Policies, Controls, Risk Appetite, Procedures, and Guidelines
- Develop presentations for risk committees to highlight ETRM findings and recommendations.
What we value
These skills will help you succeed in this role.
- Effective communication, analytical, and project management skills
- Ability to multitask and navigate competing priorities.
- Initiative-taker, able to navigate on your own.
- Ability to effectively develop and manage relationships across core stakeholder groups.
- Must be able to work during US and India time zones with the overlap of at least 4 hours.
- Experience of working within controls testing and assurance functions with knowledge of controls design, test procedure development.
- Knowledge of Information Technology General Controls (ITGC), Risk and Control Self-Assessment (RCSA) to evaluate application development and maintenance controls, change management controls and cybersecurity controls etc.
- Knowledge of domains under ITIL (Information Technology Infrastructure Library) Practices:
  - Technology Management (Software Development and Management, Infrastructure and Platform Management)
  - Service Management (Availability Management, Capacity and Performance Management, Change Management, Incident Management, IT Asset Management etc.)
- A strong understanding of Technology Risk Management to influence leaders on the need to embrace risk reduction initiatives and controls.
- Excellent communication, interpersonal, presentation and intergroup skills
- Proficient in Excel, Word, Flowcharting, PowerPoint etc.
- Graduate in Computer Engineering (preferably BE / B TECH / BCA / MCA)
- Minimum 10-12 years of experience in information technology with 5-8 years of relevant experience in controls testing and assurance function.
- Experience with Risk Management and Technology Audits
- Strong project management abilities, critical thinking, problem solving, and decision-making skills.
- Experience with Microsoft Tools/Data Analytics/Dashboards is a plus.
- Information Security certifications like ISO27001, CRISC, CISA, CISM, CISSP etc.