Controls Management Sr. Analyst

$120,000 - $202,500/Yr

Unclassified - Quincy, MA

posted 4 months ago

Full-time - Mid Level

About the position

The Cyber A&E Controls Management Sr Analyst will play a critical role in the Cyber Architecture & Engineering (A&E) function within GCS. Cyber A&E designs, architects, deploys, and continually enhances security measures for the protection of State Street's information related to its assets and customers. This position sits on the Risk Product Management (RPM) team which plays a crucial role in assessing, mitigating, and managing risk across Cyber A&E. The Cyber A&E Controls Management Sr Analyst will support the enhancement of overall risk management within the organization by enhancing the documentation of key controls in the company's Governance, Risk, and Compliance (GRC) tool. This role involves supporting the rationalization of existing controls, identifying gaps, and developing a framework and plan for periodic controls testing. Due to the role requirements, this job needs to be performed primarily in the office with some flex work opportunities available.

Responsibilities

  • Assist in enhancing the documentation of key controls in the GRC tool.
  • Ensure controls are well-defined and comprehensive under the guidance of the Controls Management Lead.
  • Collaborate with internal stakeholders to gather and document control information.
  • Support the review and rationalization of existing controls to eliminate redundancies and ensure effectiveness.
  • Identify opportunities to streamline and optimize the control environment.
  • Assist control owners in implementing necessary changes.
  • Conduct assessments to help identify gaps in key controls.
  • Assist in developing action plans to address identified gaps and enhance the control environment.
  • Aid in the execution of periodic controls testing to ensure control effectiveness.
  • Document test results, identify control weaknesses, and provide recommendations for improvement.
  • Track and report on the status of control testing and remediation efforts.
  • Collaborate with risk management, internal audit, compliance, and other relevant teams to ensure alignment of control activities.

Requirements

  • Experience (~9+ years) in audit, risk management, GRC, or a similar role, with an ability to manage cybersecurity risk matters with confidence.
  • Experience performing controls rationalization.
  • Test of Design (TOD) and Test of Operating Effectiveness (TOE) experience.
  • Bachelor's degree in information technology, cybersecurity, or related field.
  • Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), or an equivalent.
  • Strong understanding of cybersecurity principles, risk assessment methodologies, and regulatory compliance frameworks (e.g., FFIEC, NIST, ISO 27001, COBIT, etc.).

Nice-to-haves

  • Excellent collaboration and problem-solving skills.
  • Excellent verbal, written, and interpersonal communication skills.
  • Strong analytical skills with high attention to detail and accuracy.
  • Ability to execute in a fast-paced, high-demand environment while balancing multiple priorities.
  • Strong time management skills and ability to meet deadlines.
  • Experience identifying inefficiencies, finding opportunities to streamline business processes, and implementing change.
  • Strong strategic and conceptual thinking skills.

Benefits

  • Generous medical care, insurance and savings plans.
  • Flexible Work Programs to help match your needs.
  • Development programs and educational support to help you reach your full potential.
  • Paid volunteer days and matching gift programs.
  • Access to employee networks that help you stay connected.