Address
Form of workJob Description
Position Description:
This position is for a remediation program designed to address EoL risk for technology assets. This strategic program has multi-year deliverables.
The Control and Process support position for EoL will be responsible for addressing the following program scope:
- Ensuring developed controls are:
o Well documented and control performers can provide evidence of the controls operating effectively. This is required for Technology Controls and CILA controls (2nd line of defense)
o Are understood by first line of defense testing.
o Are understood by second and third lines of defense.
- Clarifying the process for regulatory action plan closure ensuring:
o First and second line of defense testing has taken place and deemed controls effective
o Lead sheets that document the controls, governance, metrics, ORD pathways etc. that management relies on to gain comfort that the risk in the action plan has been adequately dealt with.
o Ensure consistency amongst the lead sheets and action plan closure
o Understand and provide guidance on any extra documentation needed to complete lead sheets. Track to completion.
o Understand any additional requirements that may be required for action plan closure by US Banks, Compliance, ORD, etc.
o Provide feedback on processes.
Daily Responsibilities:
- Collaborate with EoL Program Management and Information Security, Technology and Cybersecurity Testing (ITCT) to maximize efficiencies for internal control testing, and to ensure internal control reviews are performed in a timely manner
- Structure and manage both internal teams and external support teams for maximum effectiveness and impact
- Work regularly with internal business process and technology owners; help guide control remediation efforts to closure and advise on control requirements for new systems or process design
- Participate in and advise on risk and control initiatives in enterprise risk management and cybersecurity
- Inform EoL Program Management of emerging trends and leading practices in operational and IT governance, risk and compliance
- Provide value-added advice and recommendations to EoL Program Management on IT governance, risk, compliance and control improvement matters
- Document end to end process of ITCT control testing process for presentation to Senior Leadership and for review and assessment by Internal Audit teams
- Coordinate with 1st, 2nd and 3rd Lines of Defense and Bank Risk Leadership as the EoL Program teams develop end to end process documentation (e.g., control documentation, lead sheet development)
- Perform special projects as requested by the EoL Program Management
Requirements:
- A bachelor's degree in information technology, computer science, accounting, finance or business administration; master's degree a plus
- 15+ years of professional experience in Technology Management for large, global enterprises (preferably in Banking/Financial services)
- Experience leading audits in a public accounting/consulting environment, and/or experience with financial, information technology and operational audits in a multi-national company
- Public company experience required
- Previous experience with information services or technology companies strongly desired
- Experience with developing, managing, and building a team with demonstrated experience in expanding the capabilities of Internal control functions and staff
- Continuous improvement mindset with a commitment to quality and a willingness to innovate and propose alternative practices
- CISA certification preferred
- Familiarity with and understanding of major IT professional risk and control frameworks and standards (e.g., COSO framework, ISO 21000)
- Ability to build and maintain professional relationships with all levels of employees, management, and internal and external teams
- Strong project management and leadership skills
- Excellent interpersonal skills, both verbal and written
- Proficient in Microsoft Office, including Word, Excel and Powerpoint
Spruce Technology, Inc. is a mid-size, award-winning (Inc 5000, SmartCEO, Entrepreneur of the Year) technology services firm with a steadily growing portfolio of commercial and government clients. Spruce provides innovative technology solutions, specialized IT staff, and IT strategy consulting nationwide. Spruce maintains partnerships with major technology vendors and continually develops leading-edge offerings in service areas such as digital experience, data services, application development, infrastructure, cyber security, and IT staffing.
Spruce Technology, Inc. is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Consistent with the Americans with Disabilities Act, it is the policy of Spruce Technology, Inc. to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process.
This position is for a remediation program designed to address EoL risk for technology assets. This strategic program has multi-year deliverables.
The Control and Process support position for EoL will be responsible for addressing the following program scope:
- Ensuring developed controls are:
o Well documented and control performers can provide evidence of the controls operating effectively. This is required for Technology Controls and CILA controls (2nd line of defense)
o Are understood by first line of defense testing.
o Are understood by second and third lines of defense.
- Clarifying the process for regulatory action plan closure ensuring:
o First and second line of defense testing has taken place and deemed controls effective
o Lead sheets that document the controls, governance, metrics, ORD pathways etc. that management relies on to gain comfort that the risk in the action plan has been adequately dealt with.
o Ensure consistency amongst the lead sheets and action plan closure
o Understand and provide guidance on any extra documentation needed to complete lead sheets. Track to completion.
o Understand any additional requirements that may be required for action plan closure by US Banks, Compliance, ORD, etc.
o Provide feedback on processes.
Daily Responsibilities:
- Collaborate with EoL Program Management and Information Security, Technology and Cybersecurity Testing (ITCT) to maximize efficiencies for internal control testing, and to ensure internal control reviews are performed in a timely manner
- Structure and manage both internal teams and external support teams for maximum effectiveness and impact
- Work regularly with internal business process and technology owners; help guide control remediation efforts to closure and advise on control requirements for new systems or process design
- Participate in and advise on risk and control initiatives in enterprise risk management and cybersecurity
- Inform EoL Program Management of emerging trends and leading practices in operational and IT governance, risk and compliance
- Provide value-added advice and recommendations to EoL Program Management on IT governance, risk, compliance and control improvement matters
- Document end to end process of ITCT control testing process for presentation to Senior Leadership and for review and assessment by Internal Audit teams
- Coordinate with 1st, 2nd and 3rd Lines of Defense and Bank Risk Leadership as the EoL Program teams develop end to end process documentation (e.g., control documentation, lead sheet development)
- Perform special projects as requested by the EoL Program Management
Requirements:
- A bachelor's degree in information technology, computer science, accounting, finance or business administration; master's degree a plus
- 15+ years of professional experience in Technology Management for large, global enterprises (preferably in Banking/Financial services)
- Experience leading audits in a public accounting/consulting environment, and/or experience with financial, information technology and operational audits in a multi-national company
- Public company experience required
- Previous experience with information services or technology companies strongly desired
- Experience with developing, managing, and building a team with demonstrated experience in expanding the capabilities of Internal control functions and staff
- Continuous improvement mindset with a commitment to quality and a willingness to innovate and propose alternative practices
- CISA certification preferred
- Familiarity with and understanding of major IT professional risk and control frameworks and standards (e.g., COSO framework, ISO 21000)
- Ability to build and maintain professional relationships with all levels of employees, management, and internal and external teams
- Strong project management and leadership skills
- Excellent interpersonal skills, both verbal and written
- Proficient in Microsoft Office, including Word, Excel and Powerpoint
Spruce Technology, Inc. is a mid-size, award-winning (Inc 5000, SmartCEO, Entrepreneur of the Year) technology services firm with a steadily growing portfolio of commercial and government clients. Spruce provides innovative technology solutions, specialized IT staff, and IT strategy consulting nationwide. Spruce maintains partnerships with major technology vendors and continually develops leading-edge offerings in service areas such as digital experience, data services, application development, infrastructure, cyber security, and IT staffing.
Spruce Technology, Inc. is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Consistent with the Americans with Disabilities Act, it is the policy of Spruce Technology, Inc. to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process.
