*Role:* *Sr Compliance and Risk Management Analyst*

*Location:* *Washington, DC.*

*Mode Of Interview: Phone followed by Face To Face*

*Visa:* *H1B*

*Background/General Description:*

The ITS Information Security and Risk Management (ITSSR) unit, headed by
the Chief Information Security Officer (CISO), is responsible for providing
leadership in managing the functions and activities of information security
and risk management across the Financial Group, enabling the achievement of
XXX business objectives. ITSSR enables and facilitates a risk-aware culture,
ensures that XXX information assets are protected in an effective, efficient,
and balanced manner, and ensures that IT security and risk management efforts
throughout the XXX Group are coordinated and aligned to the Financial
business and IT strategy. ITSSR establishes and maintains the XXX Group's IT
and information security policies and standards; develops and engineers the
WBG's information security plans and solutions; responds to security
incidents; and ensures that information risks are identified, assessed, and
managed in a manner consistent with the overall risk management approach and
the established risk appetite and tolerance.

*ITSSR consists of the following units*:

1) ITS Risk Management and Security Advisory,

2) Compliance,

3) Policy,

4) ITS Security Operations,

5) Program Management Office (PMO).

*Duties and Accountability*

*The primary responsibilities include, but are not limited to, a
combination of the following:*

· Conduct IT technical and process audits as well as compliance assessments
based on COBIT, ISO 27001 & ISO 20000 frameworks.

· Develop test plans and detailed test procedures to assess operating
effectiveness of IT technical and process controls.

· Assist in controls implementation including documentation of processes
and procedures to address Internal Controls over Financial Reporting (ICFR)
requirements for the IT General Computer Controls (ITGC) for Information
Security, Change Management and IT Operations areas.

· Assess compliance against technical standards for various platforms and
technologies.

· Discuss compliance and audit issues with stakeholders and develop action
plans to address them.

· Collect, evaluate, and maintain data to ensure that required management
reporting is completed as needed. This also includes inputting appropriate
data into GRC tools.

· Assist in monitoring open audit items from audits such as WBG internal
audit department (IAD) IT audits, external financial audits on Internal
Controls over Financial Reporting (ICFR); and ISO 27001 & ISO 20000
certification audits to ensure execution of remedial activities defined in
the agreed action plans and risk treatment plans.

· Perform other duties in the compliance work program as assigned.

*Selection Criteria*

· MA/MS (In Computer Science, Information Systems or a related technical
field or equivalent combination of education and experience. BS/BA is
minimum education requirement.);

· Minimum 5-7 years’ experience working in an information security,
information technology or compliance related field;

· Demonstrated experience in conducting IT audits;

· Familiarity and understanding of broad range of IT hardware and software
products;

· Experience in auditing platforms (UNIX, Windows) and databases (Oracle);

· Thorough understanding of industry standards and regulations including
COBIT, COSO, and SOX;

· Good knowledge of ISO 27001 & ISO 20000 control frameworks;

· Experience in conducting design and operating effectiveness testing for
the ITGCs;

· Knowledge of ERP and financial system including but not limited to SAP,
PeopleSoft and Summit and enterprise GRC systems such as BWise and RSAM;

· Possess excellent written and verbal communication skills, presentation,
and problem solving skills and be able to interact well with peers and
internal customers;

· Possession of industry certifications highly preferred including, but not
limited to Certified Information Systems Auditor (CISA), Certified
Information Systems Security Professional (CISSP) and Information Systems
Security Management Professional (ISSMP);

· Ability to work independently and within groups; must be self-motivated
and able to work with minimal supervision;

· Highest ethical standards.



Regards,
*George Carlin*
* Senior Recruiter.*

*AffluentTEK, LLC.*
*PROFESSIONAL IT SOLUTION*

43676 Trade Center PL, STE # 235,
Dulles, VA 20166.
Email: *gcar...@affluenttek.com <gcar...@affluenttek.com>*
Tel: *585.568.7282*
Fax: *585.568.7209*
Web: *www.AffluentTEK.com <http://www.AffluentTEK.com>*
