Vulnerability Risk Specialist

The Information Security Consultant will support planning, execution, and reporting of operational and system IT internal controls and risk management within the organization.

This role will act as a point of contact for Cybersecurity Governance, Risk, and Compliance. The role will work closely with Technology functional teams and internal business lines in the day-to-day operational delivery of the overall Cybersecurity Compliance program.

Teaming with the Cybersecurity Compliance Manager, the Information Security Consultant will:

• Monitor changes in business processes, information systems, management, and operations, and accordingly maintain an assessment of risk.
• Build and maintain productive relationships with process owners.
• Through effective leadership, ensure audits of control effectiveness and design and other projects are completed in an efficient manner, and within established deadlines.
• Through the effective review of department work, ensure that the assessments of the internal control structure related to processes audited are supported through sufficient and adequately documented evidence.
• Continually evaluate the efficiency and effectiveness of the internal controls and department functions, and identify areas of improvement.
• Assist with internal investigations.
• Promote good practice of Information Security Compliance to staff and associated contractors.
• Provide direct and specific guidance to the department internal control process owners as appropriate for each process owner of the department and the work being performed.
• Perform risk assessments related to controls in scope for work being performed.

Responsibilities

• Maintain awareness of current compliance, audit professional standards and any associated legislation changes, and apply where appropriate to the internal IT controls and audit function.
• Maintain awareness of current issues and significant changes within the business environment and business processes.
• Periodically determine the need for revisions to control processes.
• Demonstrate effective interaction with all levels of management and business partners.
• Review specific control risk assessments to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.
• Review risk questionnaire submissions to identify key risks associated with the respective vendor/service and work with stakeholders to mitigate and advise.
• Ensure that appropriate communication has been made in advance with compliance and internal process & service owners regarding the timing and logistics of each audit and review.
• Anticipate problems and obstacles to the timely and efficient completion of audits and compliance reviews. Recommend solutions to anticipated and incurred problems and obstacles impeding the timely completion of such audit and reviews.
• Through an understanding of internal controls, standards and applicable policies, procedures, and country regulations, review evidence to ensure the assessment of the effectiveness and efficiency of internal controls is adequate and sufficiently supported and documented, and the departmental and professional standards are adequately upheld.
• Ensure issues and exceptions are fully identified and properly defined, and recommendations are adequately formulated to address the root cause of identified issues in a beneficial manner.
• Ensure issues and recommendations are adequately and effectively communicated to owners on a proactive basis during the course of each audit or review.
• Review final process owners responses for adequacy and completeness.
• Ensure appropriate and timely follow-up audit work is performed to properly update the status of outstanding reported issues, and adequate communication is provided to management on a proactive basis.
• Use the firm's various methods of internal communication to direct colleagues and the wider organization to current, new policies and essential compliance information.