Pittsburgh, PA, USA

IT Risk & Compliance Manager

 Job Description:

  • Maintains a high skill level of risk management and systems knowledge as it relates to the overall corporate technology environment. Stays abreast of new developments in the corporation's business and technology strategic and operating plans and possesses a solid understanding of the corporation's direction and goals to effectively make change.
  • Accountable for Internal/External Audit and examiner preparation and response management for IT related functions as assigned. Serves as the point of contact for IT support requirements in the facilitation of the internal, 3rd party and regulatory audit request lists, tracking of the completion of management replies and the overall examination schedule.
  • Serves as the liaison working directly with the Information Security team to understand and manage the IT-related requirements across the business units. Is responsible for the Business Resumption and Vendor Management obligations for IT Risk and has direct involvement in the advancement of change as presented through regulatory guidance and recommendation, including responsibility for the ongoing maintenance of the Asset Based Risk Assessment utilizing the SBS CyberSecurity TRAC solution.
  • Is responsible for evolving the IT Risk-related opportunities into the Predict 360 Governance Risk and Compliance (GRC) software product, and for the ongoing development and responsibilities associated with the management of the Vulnerability Management (VM) staff and processes, including proficiency in the utilization of the Qualys VM tool. Administers the assigned IT provider invoicing process, which includes review, distribution and processing.
  • Also, is responsible for the annual operating plan, the expense allocations and budgeting efforts for the assigned area. Is a member of the Operational Risk Committee and is involved in the application integration requirements presented through bank mergers and acquisition (M&A) technology planning through conversion.

Essential Job Responsibilities

1. Accountable for Internal/External Audit and Examiner preparation and response management for IT related functions as assigned. Serves as the point of contact for IT support requirements in the facilitation of the internal, 3rd party and regulatory audit request lists, tracking of the completion of management replies and the overall examination schedule.

2. Liaison to work directly with the Information Security team to understand and manage the IT-related requirements across the business units.

3. Responsible for the Business Resumption and Vendor Management obligations for IT Risk.

4. Direct involvement for the advancement of change as presented through regulatory guidance and recommendation. Responsible for the ongoing maintenance of the Asset Based Risk Assessment utilizing the SBS CyberSecurity TRAC solution.

5. Responsible for evolving the IT Risk-related opportunities into the Predict 360 Governance Risk and Compliance (GRC) software product.

6. Ongoing development and responsibilities associated with the management of the Vulnerability Management (VM) staff and processes, including proficiency in the utilization of the Qualys VM tool.

7. Administers assigned IT provider invoicing process which includes review, distribution and processing. Also, is responsible for the annual operating plan, the expense allocations and budgeting efforts for the assigned area.

8. Member of the Operational Risk Committee

9. Serves as an active partner in the application integration requirements presented through bank merger and acquisition (M&A) technology planning through conversion. Develops an understanding of the process involving the software provider as it relates to acquisitions and mergers.

10. Fosters an atmosphere of cooperation and communication with other departments, vendors, and within the Technology Group. Develops and cultivates effective relationships with vendor