VENDOR RISK MANAGER-1LOD OR APPLICATION IT CONTROLS MANAGER
WHAT IS THE OPPORTUNITY?
This position is part of the Office of the President and is responsible for supporting the IT Risk activities for business managed applications within CNB. The Application Security Assessment Risk Manager-1LOD/Application IT ControlsManager will provide governance and oversight to ensure alignment to the enterprise-wide third-party/Information Technology management programs and drive the centralized process. This role will also maintain procedural documents and provide reporting.
Office of the President Division
Working within the Office of the President division, you will be part of the team that provides strategic support and guidance to City National's commercial lines of business with a strong focus on integrated and streamlined risk and compliance programs.
Want more jobs like this?
Get Project Management jobs in Los Angeles, CA delivered to your inbox every week.
WHAT WILL YOU DO?
- Perform application-centric risk assessments and provide ongoing subject matter expertise to Division Risk Owners and Risk Delegates
- Partner and coordinate closely with stakeholders areas (i.e, product management, Technology and Innovation, Information Security, Third Parties) for timely completion of assessments and ongoing monitoring responsibilities
- Support Business Application Owners with identification, logging, tracking and remediation of control gaps, issues and risk exceptions
- Escalate any delays, significant gaps etc. to management in a timely manner
- Responsible for maintaining a centralized repository for all supporting artifacts (i.e., Ongoing Evidence)
- Participate in Business Continuity Planning activities as they relate to business managed applications
- Lead and participate in various ad hoc projects supporting program enhancements, process improvements, and other functions, as assigned
- Ability to work well in a time-sensitive environment and handle a variety of matters or projects simultaneously
- Become a subject matter expert of a portfolio of business managed applications to support the following activities:Document internal controls (e.g., ISO 27001, SOC 2, NIST, Center for Internet Security Top 18
- Analyze compliance gaps and recommend improvements to business processes, administrative, and technical controls
- Facilitate and document application security assessments and other requests
- Establish and maintain processes for managing security-related audits, control assessments, compliance checks and external assessments across Business, T&I and Information Security. Ensure timely and complete responses to evidence requests and compile management responses and remediation plans as needed.
- Collaborate with the 2LOD to design and maintain a risk and controls matrix mapped to applicable regulatory and selected framework controls and in alignment with the agreed risk appetite. In addition facilitate a Risk and Control Self-Assessment (RCSA) across IT and Information Security.
- Participate in the vendor risk assessment process and provide security risk assessment services and contract reviews to ensure that third parties meet the Bank's information security control requirements.
WHAT DO YOU NEED TO SUCCEED
- High School Diploma
- Minimum of 6-10 years of risk management experience in the financial services industry, conducting third party risk assessments
- Minimum of 3 years of experience in risk and controls identification, appropriately scoping assessments
- Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls are a plus
Skills and Knowledge
- Comprehensive knowledge of third party risk management processes and methodologies
- Experience using Governance, Risk and Compliance (GRC) systems
- Experience in assessment of Business Continuity Plans and Business Impact Assessments
- Strong project management skills (organizing, planning, reporting, documenting, driving tasks to closure, etc.)
- Strong analytical skills, working with data and drawing conclusions
- Excellent oral and written communication skills; ability to communicate with all levels of management; experience performing both detailed and executive-level documentation
- Advanced knowledge of Microsoft Office tools; specifically, Excel and PowerPoint
Starting base salary: $87,027 - $138,965 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.
To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Benefits and Perks
At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues. Get an inside look at our Benefits and Perks.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
ABOUT CITY NATIONAL
We start with a basic premise: Business is personal. Since day one we've always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America's leading diversified financial services companies.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled