This job has expired, please see additional jobs below
Director, Procurement Risk Management
E*Trade Financial
Jersey City, NJ, United States
THE COMPANY
E*TRADE is a leading financial services company and a pioneer in the online brokerage industry. Having executed the first-ever electronic trade by an individual investor more than 30 years ago, the company has long been at the forefront of the digital revolution, offering easy-to-use solutions for individual investors and stock participants. Founded on the principle of innovation and determined to level the playing field for individual investors, E*TRADE delivers digital platforms, tools, and professional assistance to help investors and traders meet their near- and long-term investing goals. The Company provides these services both online and through its network of customer service representatives and financial consultants – over the phone at two national branches and in person at 30 E*TRADE branches.
RESPONSIBILITIES
SUMMARY
The core responsibility of the Director, Procurement Risk Management position is to lead the team that conducts initial risk analysis on all third-party vendors that provide products and/or services to E*TRADE.
RESPONSIBILITIES
● Conduct risk analyses for vendors, identify and document control gaps, and present results to support management action, escalation and risk acceptance processes
● Partner with businesses across the enterprise to evaluate the information security risks associated with their vendor engagements.
● Review vendor due diligence materials (i.e., SOC1/SOC2, SSAE 16, SIG, penetration testing reports, etc.), identify potential issues, and follow up on unresolved issues
● Interpret, identify, and prioritize risk based on impact and likelihood
● Work directly with key business leaders to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regards to information risk management.
● Partner with Procurement leads, other risk SMEs, and the vendors to resolve appropriate risk remediation activities to address identified risks
● Facilitate the risk assessment process, including communicating risk assessment timelines, tracking and escalating completion status, providing status reporting, and providing guidance on how assessments should be completed
● Validate evidence from vendors prior to closing out remediation plans
● Develop Senior Management reports, including defining and tracking program-based metrics (e.g., assessments completed within SLA, challenges, etc.)
● Remain current on business, regulatory and industry changes that may impact the business and the associated analyses and assessments
● Work with E*TRADE’s Third Party Oversight team to ensure that the Risk Methodology and framework are being followed and executed as part of overall 1st line vendor management duties.
● Additional responsibilities may include leading process improvement activities, participating in risk assessment special projects and other assessment related activities.
REQUIREMENTS
MUST HAVE EXPERIENCE
● Minimum of 8+ years’ experience within operational risk area with knowledge of risk and control assessment methodology
● Must have in-depth knowledge of preventative, as well as detective administrative and technical controls
● Communicate and present concisely and effectively based on the appropriate level of management
● Strong interpersonal and oral/written communication skills with the ability to build relationships at all levels
● Strong business and technical analysis, logic and program management skills.
● Ability to work independently, analyze problems and make decisions with minimal direction.
● Ability to manage multiple programs simultaneously in high pressure environment where change is commonplace.
● Experience with Governance, Risk and Compliance tools (e.g., Archer, MetricStream, etc.)
● Strong project management and organizational skills with experience of working to deadlines within a highly dynamic environment
● Team player with proven ability to build strong cross-business relationships.
● Experience with Shared Assessments evaluations
● Working knowledge of the critical business functions and activities within financial services industry is a plus.
DESIRED EXPERIENCE
● Bachelor’s degree in Information Technology, Information Security, Business or Risk Management (or equivalent experience) with a minimum of 7+ years related work experience required
● CTPRP, CISM, CIA, CISSP certification
● Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant controls
● Comprehensive Knowledge of Information Security standards and frameworks (NIST CSF, 800-53, Shared Assessments, ISO, etc.) with an understanding of the why behind the controls and not just the controls themselves.
● Experience assessing cloud-based service providers
● Technical and/or IT audit background and practical knowledge of a variety of technologies including operating systems, server, network and web infrastructure, database architectures, intrusion detection and prevention systems
● Solid experience in one of the following: firewall, system, and network architectures and other security best practices; understanding of software development life-cycle and application security; Infrastructure-as-a-Service and Software-as-a-Service security concepts
● Extensive knowledge and understanding of current and emerging cybersecurity risks, and innovative risk management frameworks and methods.
● Strong knowledge of cybersecurity regulations, laws and standards.
● Ability to collaboratively develop a cybersecurity risk management strategy in conjunction with numerous and diverse stakeholders.
EDUCATION, CERTIFICATION, TRAINING
● Bachelor’s degree or an equivalent combination of education and work experience.
BENEFITS
We offer a competitive and comprehensive benefits package.
E*TRADE Financial is an Equal Opportunity Employer who encourages diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, age, disability, citizenship, marital status, sexual orientation, gender identity, military or protected veteran status, or any other characteristic protected by applicable law.