IT Compliance and Risk Officer


Summary

Our client, a leading US-based wealth management firm, is seeking an IT Compliance and Risk Officer (IT/Information Security/Privacy) to join the firm’s Compliance Department. The position will be responsible for validating that the firm’s information technology, information security, and privacy programs adhere to regulatory requirements/expectations, privacy laws, industry best practices and internal policies. This role involves developing and implementing an effective “2nd Line of Defense” program for IT/Information Security/Privacy compliance monitoring and testing, and providing guidance to management on related compliance and regulatory issues and developments.

 

Key Responsibilities:

  • Develop and implement a risk-based IT/Information Security/Privacy compliance and risk management testing and monitoring program to ensure adherence to key regulatory requirements/expectations and industry best practices (e.g., GLBA, FFIEC IT Handbooks).
  • Review and provide challenge to various IT/Information Security/Privacy (GLBA) risk assessments coordinated by the firm’s IT and/or Information Security Teams.
  • Develop and implement a risk-based compliance and risk management testing program specific to key IT/Information Security/Privacy (GLBA) related controls identified via risk assessment processes or otherwise.
  • Provide advice and guidance to senior management on IT/Information Security/Privacy related matters and regulatory developments and expectations.
  • Prepare and submit compliance reports to senior management relative to the aforementioned areas, as appropriate.
  • In partnership with IT/Information Security and Legal teams, participate in investigations regarding potential data breach/incidents, incident response and remediation efforts, and provide guidance regarding communication with affected parties and regulatory notifications, where required.
  • Collaborate with and provide advice and guidance to IT/Information Security Teams in connection with regulatory exam preparation efforts and Internal Audits.
  • Develop and deliver training programs to educate employees on IT/Information Security/Privacy compliance related topics and regulatory developments.
  • Work closely with IT/Information Security, Legal, and other business units to ensure compliance requirements are integrated into technology/information security related projects and business processes.
  • Participate and/or report to appropriate governance committees responsible for overseeing IT, Information Security, and Privacy matters.

 

Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, Business Administration, or a related field is preferred.
  • 5-10 years of experience in an IT, Information Security/Privacy compliance, audit, regulatory examiner or a related field, preferably within the banking, asset management, or financial services industry.
  • In-depth knowledge of relevant regulations and standards (e.g. GLBA, FFIEC IT Handbooks,
  • Solid understanding of IT systems, cybersecurity, information security and data protection principles.
  • Excellent analytical and problem-solving skills.
  • Ability to communicate effectively across various teams and levels.
  • Ability to work independently and collaboratively as part of a team.
  • Relevant certifications such as CISA (Certified Information Systems Auditor), CIPP (Certified Information Privacy Professional), or similar are preferred.

 

