Global Technology Compliance and Operational Risk - GIS BISO Oversight

Bank of America
Charlotte
Full-time

Description

This job is responsible for executing second line of defense compliance and operational risk oversight for a Front Line Unit, Control Function, and / or Third Parties.

Key responsibilities include ensuring requirements of the Global Compliance Enterprise Policy, the Operational Risk Management Enterprise Policy (collectively the Policies), the Compliance and Operational Risk Management Program and Standard Operating Procedures are implemented and identifying, challenging, escalating, and mitigating risks in a timely manner.

Responsibilities :

Assesses risks and effectiveness of Front Line Unit (FLU) processes and controls to ensure compliance with applicable laws, rules, and regulations, while responding to regulatory inquiries, other audits, and examinations

Engages in activities to provide independent compliance and operational risk oversight of FLU or Control Function (CF) performance and any related third party / vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively the Policies) and the Compliance and Operational Risk Management Program and Standard Operating Procedures

Identifies and escalates problems or issues that arise and drives actions to address the root causes that lead to compliance risk issues and / or operational risk losses

Manages inventory of processes, risks, controls, and associated metrics for risk appetite and limits, reporting violations of compliance or regulatory activities

Assists in the development of independent risk management reporting for respective area(s) of coverage as input into country / regional governance and management routines

Analyzes and interprets applicable laws, rules, and regulations to provide clear and practical advice to stakeholders, and identify and manage risks

Reviews and challenges FLU / CF process, risk, Single Process Inventory, and FLU / CF Risk and Control Self-Assessment related to themes or trends, while monitoring the regulatory environment to identify regulatory changes applicable to area(s) of coverage

Skills :

Advisory

Monitoring, Surveillance, and Testing

Regulatory Compliance

Reporting

Risk Management

Critical Thinking

Influence

Interpret Relevant Laws, Rules, and Regulations

Issue Management

Policies, Procedures, and Guidelines Management

Business Process Analysis

Decision Making

Negotiation

Process Management

Written Communications

The position will provide Compliance & Operational Risk Oversight for multiple GIS BISO functions, including BISO Operations & Vertical BISOs. The role requires you to :

  • Act as Risk Officer for Secure By Design Process
  • Have Oversight on Cloud Security (SaaS) process
  • Oversee Self Service & Dynamic Code Scans, and review of the SBOM & Threat Model process as controls
  • Advise GCOR Risk Specialists on performing their monitoring exercises and assist them in day to day activities.
  • Review GIS Policy Exceptions Operations and enhance monitoring coverages
  • Perform In-Line reviews and provide GCOR PoV on in-line reviews.
  • Responsible to connect with stakeholders on a periodic basis
  • Responsible to conduct Targeted Risk Assessments
  • Challenge GIS BISO Operations processes and activities as appropriate
  • Communicate with Executives on a regular basis on your assigned area of coverage / oversight.

Technical Skillsets :

  • Expertise in network security principles and technologies.
  • Deep understanding of transmission protocols and secure communication channels.
  • Knowledge of secure by design principles.
  • Good understanding of Cloud Security Principles
  • Experience performing threat modeling using frameworks like STRIDE, IriusRisk.
  • Knowledge of Software Development and in-depth understanding of APIs.
  • Proficiency in conducting technology reviews to assess security controls and identify gaps.
  • Understanding of application scanning tools like Checkmarx / Invicti (Netsparker)
  • Solid grasp of security architecture principles and best practices.
  • Relevant certifications such as CISSP, CCSP, CISA, CISM, or CRISC are highly desirable.

Required / Desired Qualifications :

  • Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
  • 10+ years of experience in Cyber Security with expertise in multiple information security domains including Cloud.
  • Proven track record of developing and implementing security strategies in complex environments.
  • Strong leadership and communication skills, with the ability to influence stakeholders at all levels.
  • Excellent problem-solving abilities and attention to detail.
  • Ability to thrive in a fast-paced and dynamic environment.

Additional Qualifications / Responsibilities :

Communicates and Influences with Impact :

Communicates complex ideas in a way that is clear, direct, concise, simple and contextual; avoids jargon

Shapes the opinions and actions of others, gaining trust & commitment for desired outcomes

Adjusts style and personalizes message to best connect with others; inspires others to follow his / her lead

Constructively challenges; supports opinion and recommendations with facts and data

Shares opinion with confidence; is persistent and tenacious for what is right

Demonstrates productive edge, appropriately voicing and challenging opinions

Demonstrates productive partnering with various stakeholders across the enterprise at all levels

Role models effective communication and influence; develops others on this skill

Demonstrated Business Acumen :

Deep understanding of the organization's overall strategies and how the business operates

Deep understanding of what drives success through subject matter expertise of the products, customer and channels leveraged within the FLU

Identifies and influences business improvements and solutions - Proactively engages team / peers to transfer knowledge of the business

Makes tough business and people decisions

Demonstrated behaviors may include but are not limited to :

Demonstrates the ability to remain flexible and adaptable in order to learn / apply new concepts and stay current on emerging trends (i.e. new technology)

Asks questions in an effort to understand, drawing connections and similarities in order to frame new challenges / opportunities; leverages information to take calculated risks

Proactively brainstorms and researches a wide range of options to find the best solutions to address opportunities

Proactively engages others for feedback as an opportunity to drive improvement (for self and the business)

Delivers Results Through Management & Operational Excellence :

Demonstrates a deep understanding of owned processes and continually seeks opportunities to simplify and improve

Leads the execution of strategies through establishing clear accountability for self and the team

Raises performance expectations through planning and establishing routines to ensure goals are achieved

Proactively identifies and removes barriers

Leads change and gets team and key stakeholders on board

Cultivate Talent & Organization :

Creates and leads an environment that values diversity, where people can speak up, share bad news and get better outcomes through dialogue and debate

Actively builds a pipeline of strong, diverse talent

Actively manages the growth and development of talent; takes genuine interest in and provides support for their development

Broadly shares accountability and responsibility with others

Contributes to building motivated, high performing teams; inspires them to achieve more

Recruits, develops and aligns talent needed to meet business goals

Delivers Second-Line Risk Management :

Commanding knowledge of the Compliance & Ops Risk Program and its application to daily work activity and team priorities; educates others

Commanding knowledge of how laws, rules and regulations apply to businesses, functions, products, jurisdictions and / or the enterprise and stays current on changes; educates others

Understands and educates others on the business processes (design through execution), the role of effective controls and the potential impact to operational losses

Directly or via a team, assesses for and identifies compliance and operational risks in the activities of a FLU / ECF or the Company (EAC) through monitoring, assessment and testing activities

Directly or via a team, documents, analyzes, reports and escalates as needed risk issues (e.g., control weaknesses, violations, metric breaches); synthesizes the data for emerging trends or systemic issues

Directly or via a team, drives the mitigation of compliance and operational risk through means such as policy reviews and updates, issue remediation / action plans, and training needs; determines approach and possible solutions

Communicates risks and issues concisely, clearly and timely; drives transparency and accountability with appropriate parties

Executes risk governance and management routines

Ensures compliance and operational risks are considered in business activities, including product development and business process changes; uses risk lens when advising the business

Escalates risks not being mitigated in a timely manner to appropriate leaders and senior management, regulators and Board of Directors as warranted

Demonstrates Analytical Capabilities

Leads analysis integrating facts, data, and information to draw accurate conclusions in order to identify root cause

Leverages internal / external perspectives and benchmarking to identify potential solutions

Develops useful and realistic alternative solutions to problems; selects the best course of action based on pros, cons, timing, and available resources

Shift :

1st shift (United States of America)

Hours Per Week :

22 days ago