Jobs · North Carolina

GRC Manager - Associate

SMBC Group · Charlotte, NC · Yesterday
Full-time

Role Description

The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager will assume the lead role on an audit / multiple sections of a larger audit and on issue closure throughout the year; they will be the lead point of contact and will be responsible for the co-ordination & facilitation of the audit and issue closure from start to finish (or from remediation progress tracking to closure pack prep), ensuring the process is efficient and well-coordinated.

  • Actively manage all audit requests (including those from issue validation and continuous monitoring exercise), ensuring right artifacts are gathered and audit requests are tracked and responded to on time
  • Be responsible for all related ARM activities associated with the audit / sections / issues for which they are managing
  • Manage the facilitation and coordination of audit request and issue management activities including but not limited to interviews, documentation requests, artifact requests, and review, logistical support for walkthroughs, meetings, facilitating follow-up queries with various stakeholders, reviewing Issue Closure Packs, and facilitating management review and approval
  • Communicate effectively and timely with auditors where necessary to affirm their understanding of the controls in place to ensure the audit testing approach is effective, their requests are appropriate and clear
  • In turn be able to clearly explain the request to Evidence Providers, Control Owners, outlining the risks, controls being tested, assisting them where necessary to ensure the correct artifact is provided
  • Articulate to auditors, stakeholders comfortably and independently, the key controls in place and identification of compensating controls, be able to defend and advocate for these controls to auditors
  • Manage preliminary audit findings, Engage with auditors at an early stage in preliminary findings to ensure completeness and accuracy of understanding
  • Review preliminary findings for plausibility, reasonability, engaging with the Control Owners, Senior Management, Relevant Subject Matters Experts as applicable
  • Provide further information, evidence to the auditor which may result in the preliminary finding being revised or removed, Assist Service Providers, Control Owners in drafting formal management responses to confirmed findings for Information Security management review with the expectation of management oversight required
  • Manage and track audit issues to closure per action milestones, providing periodic status updates to Information Security Management
  • Maintain the ARM Evidence Repository which enables evidence to be leveraged for similar type audit requests for all audits across the firm, Ensuring repeatable evidence is stored and collected in advance where possible
  • Promote use of the central ARM tool, providing information to maintain up to date audit status
  • Review of dashboard metrics to ensure information is up to date and accurate to ensure meaningful information is available for ARM Management
  • Take an active role in projects designed to expand and ensure continuous improvement in the ARM Program, Lead certain aspects of the project, Take ownership for directing the ARM Specialist, ARM Senior Specialist in the performance of their tasks
  • Ensure adherence to the ARM Process Standards, Working with the ARM team to continuously identify areas for improvement, document and implement these
  • Share with the ARM team best practices of ARM activities processes and take lead role in rolling out the improved process
  • For the ARM Manager, Ensure documentation is up to date
  • Create professional training materials on ARM Process and Tools and lead initiatives to educate Information Security team members by conducting the classes and socialization meetings
  • Complete independently ARM activities requested by management, clients, auditors, and regulators

Qualifications And Skills

  • Bachelor’s degree in information technology, Information Security, or related field
  • Have 5 plus years of IT audit (Big 4 preferable), assurance, or consulting experience
  • Possess strong knowledge of General IT Controls, risk, and best practices, especially in relation to Information Security
  • Possess strong knowledge of IT Auditing - the core concepts, audit process, types of audits
  • Possess strong knowledge of Cyber Security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST)
  • Detailed, thorough, diligent technical ability, with good analytical skills, a customer service mindset
  • Strong written, verbal, and interpersonal communication skills must be able to clearly articulate a point and be a persuasive communicator
  • Ability to demonstrate a self-motivated and disciplined approach to learning and working
  • Ability to display initiative and innovation; independently manage ARM assessments, including all related ARM activities from start to finish
  • Ability to take ownership of complex tasks, drive projects forward for timely completion
  • Must have excellent time manageability skills, should be able to prioritize, multitask and manage multiple projects simultaneously

Similar jobs

GRC Manager

CloudZeroBoston, MA· 2 mo ago
Management$56/hrapply on jobs.ashbyhq.com