Operational Risk Manager Jobs in Detroit, MI (NOW HIRING)

Maganti IT Resources LLC

Title: IT Risk & Controls Manager

Location: Detroit, MI 

Type: Permanent

Job description:

Our world-class IT organization supports an information technology driven business. We deliver industry-leading IT solutions to the "Best Online Bank" (Money Magazine, 2011 and 2012) and the leading Auto Finance Company. IT oversees critical functions that enable the day-to-day operations of the entire enterprise. 

Responsibilities include interpreting and responding to IT Open Control Matters and Risk issues for the assigned business unit or global function, train and support IT Managers to ensure common understanding is in place to meet compliance standards and resolve issues, support IT programs in conjunction with business, regulatory, and auditor expectations. Coordinate activities with internal and external auditors. Coordinate IT Management efforts in the collection and reporting of risk metrics. 

Risk and Control activities include: 

Enhance the IT control framework and help the IT organization integrate management of operational risk into their processes and practices 

Educate and train IT members in practices of risk and controls management 

Convey applicable legal and regulatory IT requirements for inclusion in standards and controls 

Develop and communicate controls required for use in SOX, project development and vendor acquisition 

Assist process owners in defining operational controls specific to their areas of responsibility 

Review existing and proposed controls for effectiveness and opportunities for improvement 

Provide guidance to management in self-assessing their own control environments 

Support organizations within IT to comply with audits, regulatory exams, assessments, and testing programs

Assist IT personnel by: 

Interpret and explaining requests from auditors, examiners, assessors, and testers 

Assist auditees in determining appropriate evidence needed to respond to requests 

Review evidence being provided by auditees to assure appropriateness, accuracy, and completeness 

Discuss potential issues with auditors and auditees to help determine if the finding is truly an issue 

Coach auditees on the development of proper action plans to address issues 

Review plans to assess effectiveness of proposed remediation and appropriateness of the timeline

Assist auditors and assessors by: 

Provide input on risks and open issues related to areas to be examined 

Assist auditors in obtaining evidence by escalating, as needed 

Consult on potential issues monitor and manage project and vendor risks 

Advise project team members on appropriate steps to identify and mitigate project risks 

Identify controls required in the project design and the steps to be taken for verification of controls

For high-risk projects: 

Review risks and risk mitigation plans prior to each tollgate 

Advise on controls to be included and steps needed to test controls 

Escalate concerns with unmitigated risks prior to go-live for projects involving application acquisition 

Assist project team in obtaining and reviewing SSAE16 or similar documentation for determining effectiveness of vendor controls 

Provide guidance for additional control evaluation needed beyond SSAE16 

Proactively manage open control matters. 

Track status of open control matters reported in the Risk Convergence Report (audit, regulatory, SOX, PCI, risk and compliance assessments, self-identified) 

Obtain status updates from action plan owners at least monthly 

Provide status of open issues to IT leadership, as well as second and third LoDs

Assist management in remediating and closing issues on time, helping to collect appropriate evidence and document request for closure, as needed 

Validate completeness of remediation efforts to maximize acceptance for closing, and minimize reopening of issues 

The IT Risk & Controls Manager reports to the Risk and Compliance Director. 

Required qualification:

5-15 years experience of Risk & Control in the banking industry 

Proficiency with Risk Management Practices 

Strong IT audit experience 

Strong Risk assessment experience 

Knowledge of ITIL processes 

Familiarity with COBIT Information Security 

Familiarity with Sarbanes-Oxley compliance 

Experience at a financial holding company (FHC) 

Experience with ISO2700x and PCI-DSS Information Security 

Familiarity with GLBA, EU Data Protection Directive, and other relevant laws and regulations 

Knowledge and experience in performing assessments aligned with FFIEC work programs

'A PLUS' 

Industry designation (e.g., CRISC, CISA, CISSP, CISM)

Strong written and oral communications skills including the ability to create organized and articulate summaries of risk assessment findings/points of view that are easily understood by teammates, LOBs, etc. 

Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues 

Familiarity with Federal Financial Institutions Examination Council (FFIEC) guidance and work plans 

Ability to work effectively as a member of a cross-functional team 

Knowledge of IT infrastructure and security 

Proficiency in Microsoft Office Applications 

Analytical and problem solving skills 

Self-motivation and direction 

Detail orientation 

Good organizational skills, ability to establish priorities 

Ability to multi-task, handle competing priorities and follow through on all open items/tasks 

Ability to travel up to 25% 

BS/BA or equivalent experience required

Title: IT Risk & Controls Manager

Location: Detroit, MI 

Type: Permanent

Job description:

Our world-class IT organization supports an information technology driven business. We deliver industry-leading IT solutions to the "Best Online Bank" (Money Magazine, 2011 and 2012) and the leading Auto Finance Company. IT oversees critical functions that enable the day-to-day operations of the entire enterprise. 

Responsibilities include interpreting and responding to IT Open Control Matters and Risk issues for the assigned business unit or global function, train and support IT Managers to ensure common understanding is in place to meet compliance standards and resolve issues, support IT programs in conjunction with business, regulatory, and auditor expectations. Coordinate activities with internal and external auditors. Coordinate IT Management efforts in the collection and reporting of risk metrics. 

Risk and Control activities include: 

Enhance the IT control framework and help the IT organization integrate management of operational risk into their processes and practices 

Educate and train IT members in practices of risk and controls management 

Convey applicable legal and regulatory IT requirements for inclusion in standards and controls 

Develop and communicate controls required for use in SOX, project development and vendor acquisition 

Assist process owners in defining operational controls specific to their areas of responsibility 

Review existing and proposed controls for effectiveness and opportunities for improvement 

Provide guidance to management in self-assessing their own control environments 

Support organizations within IT to comply with audits, regulatory exams, assessments, and testing programs

Assist IT personnel by: 

Interpret and explaining requests from auditors, examiners, assessors, and testers 

Assist auditees in determining appropriate evidence needed to respond to requests 

Review evidence being provided by auditees to assure appropriateness, accuracy, and completeness 

Discuss potential issues with auditors and auditees to help determine if the finding is truly an issue 

Coach auditees on the development of proper action plans to address issues 

Review plans to assess effectiveness of proposed remediation and appropriateness of the timeline

Assist auditors and assessors by: 

Provide input on risks and open issues related to areas to be examined 

Assist auditors in obtaining evidence by escalating, as needed 

Consult on potential issues monitor and manage project and vendor risks 

Advise project team members on appropriate steps to identify and mitigate project risks 

Identify controls required in the project design and the steps to be taken for verification of controls

For high-risk projects: 

Review risks and risk mitigation plans prior to each tollgate 

Advise on controls to be included and steps needed to test controls 

Escalate concerns with unmitigated risks prior to go-live for projects involving application acquisition 

Assist project team in obtaining and reviewing SSAE16 or similar documentation for determining effectiveness of vendor controls 

Provide guidance for additional control evaluation needed beyond SSAE16 

Proactively manage open control matters. 

Track status of open control matters reported in the Risk Convergence Report (audit, regulatory, SOX, PCI, risk and compliance assessments, self-identified) 

Obtain status updates from action plan owners at least monthly 

Provide status of open issues to IT leadership, as well as second and third LoDs

Assist management in remediating and closing issues on time, helping to collect appropriate evidence and document request for closure, as needed 

Validate completeness of remediation efforts to maximize acceptance for closing, and minimize reopening of issues 

The IT Risk & Controls Manager reports to the Risk and Compliance Director. 

Required qualification:

5-15 years experience of Risk & Control in the banking industry 

Proficiency with Risk Management Practices 

Strong IT audit experience 

Strong Risk assessment experience 

Knowledge of ITIL processes 

Familiarity with COBIT Information Security 

Familiarity with Sarbanes-Oxley compliance 

Experience at a financial holding company (FHC) 

Experience with ISO2700x and PCI-DSS Information Security 

Familiarity with GLBA, EU Data Protection Directive, and other relevant laws and regulations 

Knowledge and experience in performing assessments aligned with FFIEC work programs

'A PLUS' 

Industry designation (e.g., CRISC, CISA, CISSP, CISM)

Strong written and oral communications skills including the ability to create organized and articulate summaries of risk assessment findings/points of view that are easily understood by teammates, LOBs, etc. 

Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues 

Familiarity with Federal Financial Institutions Examination Council (FFIEC) guidance and work plans 

Ability to work effectively as a member of a cross-functional team 

Knowledge of IT infrastructure and security 

Proficiency in Microsoft Office Applications 

Analytical and problem solving skills 

Self-motivation and direction 

Detail orientation 

Good organizational skills, ability to establish priorities 

Ability to multi-task, handle competing priorities and follow through on all open items/tasks 

Ability to travel up to 25% 

BS/BA or equivalent experience required

Please help pass along to colleagues or associates below position who are looking for new role if you are not available.

For further details contact me at 

chaitanya (at) mitresource (dot) com

Thank you for your time.