Lead Control Management Officer

In this role, you will:

• Lead complex initiatives designed to mitigate business-specific current and emerging risks with broad impact
• Engage in proactive Business Risk identification and assessment of existing and emerging Risk, recommend improvements by providing expertise in the control design to effectively mitigate risks, including means of measurement.
• Ensure the effective development, maintenance, implementation, and ongoing enhancement of the business control environment through execution of the Risk and Control Self-Assessment (RCSA) program.
• Engage in the development and implementation of new Business controls, root cause analysis of gaps and assist with the development of corrective action plans to address any control weaknesses or gaps and identifies opportunities for enhancements
• Gather and analyzes data to understand and diagnose issues; Assesses and designs appropriate metrics to inform and monitor the health of the operational risk environment.
• Monitor, measure, evaluate, and report on the impact of decisions and controls to the relevant business group or functional area
• Support the Business with implementation of Control programs by providing consultative guidance.
• Ensure that business control issues are proactively identified and addressed appropriately, escalating where necessary.
• Supports a strong risk management culture through the implementation of key risk management programs into the standard operating framework of the business.

Responsibilities:

• TCOPM Program Governance: Facilitate and coordinate the Internal Control (ICP) and Risk and Control Self Assessment (RCSA) policy and controls data quality hygiene monitoring, governance for technology teams, ensuring the timely identification and remediation of gaps. 
• Subject Matter Expertise: Serve as a subject matter expert on ICP policy, RCSA methodologies, frameworks, and best practices. Provide guidance and support to technology teams in understanding and remediating policy or data hygiene quality gaps.
• Process Engineering & Tooling: Quickly develop efficient and structured workflow and communication protocols for immature processes and significant opportunities for efficiencies.
• Risk Identification and Assessment: Collaborate with technology teams to identify and assist with alignment of controls to the risk portfolio with agreement from Risk Assessible Unit (RAU) Owners and other key stakeholders. 
• Stakeholder Engagement: Collaborate with various stakeholders, including technology teams, risk management functions, internal audit, and compliance, to facilitate effective communication and alignment throughout the TCOPM governance process.
• Training and Awareness: Develop and deliver training programs and workshops to enhance technology teams' understanding of the process, risk management concepts and control frameworks, ICP, RCSA policy requirements or controls data hygiene quality standards.  
• Reporting and Documentation: Prepare comprehensive reports and documentation summarizing TCOPM process, key decisions, findings, gap remediation, etc. Present findings and recommendations to senior management and relevant committees via expert verbal and/or written communications.

Essential Qualifications:

• Minimum of 15 years of experience in technology risk and control management, leading and collaborating with a complex group of stakeholders
• Strong knowledge and experience in risk control self-assessment methodologies, risk frameworks, and technology risk management practices.
• Excellent facilitation and coordination skills, with the ability to engage and guide cross-functional teams effectively.
• In-depth understanding of technology infrastructure, systems, and emerging technology trends.
• Strong analytical and problem-solving abilities, with keen attention to detail.
• Effective communication and stakeholder management skills, with the ability to build relationships and influence at all levels of the organization.
• Demonstrated knowledge of Technology and Security risk framework – COBIT, FFIEC, NIST, ITIL, COSO, BASEL, and OCC Heightened Standards
• Professional certifications such as CISA, CISSP, CRISC, or equivalent are highly desirable.
• Bachelor's degree in Computer Science, Information Systems, or a related field. Advanced degree preferred.