Job #712: IT Risk and Controls Supervisor - Iselin, NJ (3-7-18)

  • Job Title: IT Risk and Controls Supervisor
  • Location: Iselin, NJ
  • Salary: open

Job Description:

Responsible for the implementation of the first line of defense IT Risk and Control (ITRC) framework. Will be responsible for playing a lead role in the creation of the IT department's ITRC framework and for the performance of risk and control self-assessments ("RCSA").

Responsibilities:

  • Define and document the IT department risk and control procedures, standards and framework.
  • Respond to identified risks and ensure that responses are recorded in an IT Risk Register.
  • Provide guidance to other IT and information security senior management personnel in designing, developing and implementing sound risk management controls in accordance with Bank standards.
  • Provide input to the core IT Risk Management team in order to incrementally improve the effectiveness and efficiency of IT Risk processes and reporting.
  • Facilitate the gathering of relevant IT Risk KPI and KRI data, in order to supply timely and relevant reporting for the area, but also to feed into enterprise level IT Risk reporting.
  • Develop IT Risk Management standards that align to industry best practices and ensure effective processes are in place to identify, measure, manage, monitor and report on IT risks.
  • Manage the performance of the annual IT/Infosec risk assessment, which entails facilitating workshops with senior leadership within the IT, IS and business areas.
  • Play a lead role in the development of the Bank's IT Risk and Control Self-Assessment ("RCSA") program by providing guidance to key stakeholders, and partnering with information technology management personnel.
  • Organize and schedule the execution of IT Risk reviews in order to maximize efficiency and enable focus on the areas of highest risk.
  • Drive and influence measurement processes / success criteria, while demonstrating continuous improvement in approach and execution.
  • Manage control process validation to ensure compliance with laws, rules and regulations.
  • Work with the relationship owner and any applicable 3rd parties to create and track an action plan for remediation of identified issues.
  • Perform scenario analyses of the effectiveness of controls surrounding key processes and identify remediation for gaps to mitigate IT risks.
  • Become a subject matter expert in the Bank's IT Risk program, including its foundational components (the ITRC framework and the defined KRIs), processes, scoring methodology, key reports and structure.
  • Lead the execution of scheduled risk profiling and assessment exercises, and convey the results, including identified risk issues, to senior and executive leadership.
  • Analyze existing and proposed legislation, regulatory announcements, and industry practices, and assist IT management in the development and implementation of procedures to meet these requirements.
  • Partner with other departments as needed to respond to reports issued by regulatory agencies or internal or external audit.
  • Create, develop, test, implement, execute and maintain the IT risk metrics and IT risk reporting generated across the organization.
  • Assist in the development of management dashboard reporting to track progress of key deliverables as well as monitoring of key performance and risk indicators.
  • Monitor and ensure "at risk" metrics or past due program deliverables are reported, escalated and plans developed to remediate issues.
  • Present results to executive leadership (including the COO) at IT steering committee meetings.

Supervisory Responsibilities: 

  • Sr. SOX Control Specialist and IT Supplier Management Sr. Specialist

Qualifications:

  • BA / BS in IT or a related field.
  • 5+ years' experience in IT risk management, preferably for a financial institution.
  • 10-15 years of IT, Audit and/or business/industry work experience.
  • Solid understanding of risk control frameworks (e.g., inherent risk, control procedures, residual risk) as well as the execution of IT Risk management processes and governance.
  • At least one IT Risk management or governance certification, such as CISA, CRISC, CGEIT or CISSP.
  • Experience with Risk Control Self-Assessment (RCSA) or equivalent risk assessment programs.
  • Practical implementation of IT Risk and policy frameworks, ideally as an IT risk or security practitioner.
  • Experience leveraging IT risk frameworks and a strong understanding of industry best practices, such as NIST, ISO 27001, COBIT, OWASP and ITIL.
  • Negotiation and influencing skills; strong collaborator and ability to work with diverse groups.
  • A sound knowledge of banking activities, including retail and commercial banking, risk management techniques and the current regulatory environment in the U.S. Financial Service Industry.
  • Strong communication and management skills.
  • Ability to work in a fast paced, quickly changing environment.
  • Significant amounts of information flow through this position, requiring the ability to review, assimilate, prioritize and make decisions.
  • Ability to work occasional extended hours as needed.
  • Proficient in MS Excel & PowerPoint.
  • Highly organized and detail-oriented; strong judgment and problem-solving skills.
  • Experience as an IT practitioner with focus on one or more subject areas -- application development, infrastructure, technology resiliency, IT security, production management.

Interested candidates should contact Andy Ellsweig at: Please mention that you are a member of EisnerAmper's Friends of the Firm program. Make sure to copy Nkrumah Pierre and Jennifer Rosener on your email.