IT Risk Manager

Remote, USA · Full-time · Posted Recently

Job Description

A banking services company in New York City is seeking a new Risk & Controls Manager to join its Information Security GRC (Governance, Risk & Compliance) team. In this role, the Risk & Controls Manager will be responsible for assessing and managing IT and cybersecurity risks, ensuring the effectiveness of internal controls, and supporting regulatory compliance efforts.

**This position can be Remote or Hybrid in NYC. If remote, candidates must work EST hours**

Responsibilities:
• Evaluate internal IT and Information Security controls to ensure alignment with internal policies, regulations, and industry standards
• Manage and maintain the Information Security Controls Catalog
• Oversee GRC platform functionalities such as policies, control libraries, risk assessments, and issue tracking
• Report on cyber risk and control posture to the CISO and other senior stakeholders
• Develop, document, and validate control procedures to strengthen the control environment
• Support remediation efforts and the implementation of corrective actions for control gaps
• Track and monitor results of risk assessments and control testing using dashboards and reporting tools
• Mentor and manage junior team members, fostering knowledge-sharing and team development
• Drive improvements in daily operational processes for greater efficiency and effectiveness

Qualifications:
• 5+ years of experience in Information Security, IT Risk Management, Controls Assurance, or related domains
• Bachelor's or Master's Degree in Computer Science, Engineering, Information Systems, or a related discipline
• Solid understanding of cybersecurity principles, risk management, and control frameworks
• Hands-on experience with GRC platforms (e.g., Archer, ServiceNow, MetricStream)
• Strong written and verbal communication skills

Desired Skills:
• Experience in the Financial Services industry or other highly Regulated environments
• Professional certifications such as CISA, CISM, CRISC, or similar
• Working knowledge of industry-standard frameworks, such as: NIST CSF; NIST 800-53; ISO 27001; COBIT, CIS Controls; CSA CCM; etc.
• Exposure to the Cyber Risk Institute (CRI) profile or similar Regulatory-aligned Cybersecurity frameworks
• Familiarity with Emerging Technology Controls, including AI governance and NYDFS Cybersecurity requirements
