A banking services company in New York City is seeking a new Risk & Controls Manager to join its Information Security GRC (Governance, Risk & Compliance) team. In this role, the Risk & Controls Manager will be responsible for assessing and managing IT and cybersecurity risks, ensuring the effectiveness of internal controls, and supporting regulatory compliance efforts.
• **This position can be Remote or Hybrid in NYC. If remote, candidates must work EST hours***
Responsibilities:
• Evaluate internal IT and Information Security controls to ensure alignment with internal policies, regulations, and industry standards
• Manage and maintain the Information Security Controls Catalog
• Oversee GRC platform functionalities such as policies, control libraries, risk assessments, and issue tracking
• Report on cyber risk and control posture to the CISO and other senior stakeholders
• Develop, document, and validate control procedures to strengthen the control environment
• Support remediation efforts and the implementation of corrective actions for control gaps
• Track and monitor results of risk assessments and control testing using dashboards and reporting tools
• Mentor and manage junior team members, fostering knowledge-sharing and team development
• Drive improvements in daily operational processes for greater efficiency and effectiveness
Qualifications:
• 5+ years of experience in Information Security, IT Risk Management, Controls Assurance, or related domains
• Bachelor's or Master's Degree in Computer Science, Engineering, Information Systems, or a related discipline
• Solid understanding of cybersecurity principles, risk management, and control frameworks
• Hands-on experience with GRC platforms (e.g., Archer, ServiceNow, MetricStream)
• Strong written and verbal communication skills
Desired Skills:
• Experience in the Financial Services industry or other highly Regulated environments
• Professional certifications such as CISA, CISM, CRISC, or similar
• Working knowledge of industry-standard frameworks, such as: NIST CSF; NIST 800-53; ISO 27001; COBIT, CIS Controls; CSA CCM; etc.
• Experience in the Financial Services industry or other highly Regulated environments
• Exposure to the Cyber Risk Institute (CRI) profile or similar Regulatory-aligned Cybersecurity frameworks
• Familiarity with Emerging Technology Controls, including AI governance and NYDFS Cybersecurity requirements
Apply Now
Apply Now