Who we are
It is an exciting time to join State Street Corporation (SSC) in the Enterprise Technology Risk Management (ETRM) organization. ETRM in its capacity as Second Line of Defense (SLOD) is responsible for leadership, oversight, monitoring, and advisement around the technologies, architecture, operational processes, security, and resiliency.
Who we are looking for
Controls Testing and Assurance is a key function within SLOD to evaluate Information Technology controls to provide independent feedback on the adequacy and effectiveness of controls. As a representative of the ETRM group, you will be amid State Street’s multi-year technology transformation journey and regulatory requirements and responsible for providing independent risk oversight, review and challenge on technology risk controls testing and assurance program.
What you will be responsible for
As an AVP, Technology Controls Testing – ETRM, you will be responsible for:
- Develop and document a risk-based annual technology control testing and validation plan
- Execute Test of Design (TOD) and Test of Effectiveness (TOE) of IT controls, including entity and process level controls, IT general and application controls
- Document accurate and detailed work papers clearly describing the tests, the results of work performed, and conclusions reached.
- Manage testing artifacts, including meeting minutes, action items, risk, and issues logs.
- Recommend improvements (if any) in controls design through awareness of technology and information security focused regulatory requirements and best practices.
- Evaluate all control deficiencies, identify root causes.
- Collaborate with technology teams across the First Line of Defense (FLOD) for them to develop strong remediation plans; Monitor implementation for timely remediation of control weaknesses.
- Deliver assigned projects independently on time, with limited support from management.
- Develop Controls Testing and Assurance Oversight Framework influencing Policies, Controls, Risk Appetite, Procedures, and Guidelines
- Develop presentations for risk committees to highlight ETRM findings and recommendations
Team Management
- Work with, leverage, and mentor other control testers to maximize impact and throughput
- Live and define a culture, value and practice leadership principles.
- Attract and retain great people; Know each individual’s capabilities and aspirations; Invest in the growth of others.
What we value
These skills will help you succeed in this role.
- Effective communication, analytical, and project management skills
- Ability to multitask and navigate competing priorities.
- Initiative-taker, Navigating on your own.
- Ability to effectively develop and manage relationships across core stakeholder groups.
- Must be able to work during US and India time zones with the overlap of at least 4 hours.
Primary Skills (Must Have)
- Experience of working within controls testing and assurance functions with knowledge of design, and test procedure development of technology controls.
- Knowledge of Information Technology General Controls (ITGC), Risk and Control Self-Assessment (RCSA) to evaluate application development and maintenance controls, change management controls and cybersecurity controls etc.
- Knowledge of domains under ITIL (Information Technology Infrastructure Library) Practices
- Technology Management (Software Development and Management, Infrastructure and Platform Management)
- Service Management (Availability Management, Capacity and Performance Management, Change Management, Incident Management, IT Asset Management etc.)
- A strong understanding of Technology Risk Management to influence leaders on the need to embrace risk reduction initiatives and controls.
- Excellent communication, interpersonal, presentation and intergroup skills
- Proficient in Excel, Word, Flowcharting, PowerPoint etc.
Education & Preferred Qualifications
- Graduate in Computer Engineering (preferably BE / B TECH / BCA / MCA)
- Minimum 14+ years of experience in information technology with 6-10 years of relevant experience in controls testing and assurance function.
- Experience with Risk Management and Technology Audits
- Strong project management abilities, critical thinking, problem solving, and decision-making skills.
- Experience with Microsoft Tools/Data Analytics/Dashboards is a plus.
- Information Security certifications like ISO27001, CRISC, CISA, CISM, CISSP etc.
