Rockland Trust is currently seeking a Director of Governance, Risk, and Controls (GRC). As a member of the Information Security department, this position will be expected to be a thought leader in the maturation of a risk management program using a risk-based approach to generate the greatest value.
Primary responsibility will be to conduct various Application Risk Assessments (ARA) and Device Assessments, properly record those test results in our systems of record, and communicate the test results to the appropriate stakeholders. You will play an important role in engaging respective Application Specialists and Owners across business areas while assessing risk. Your support of the Application Risk and Infrastructure Control Assessment programs will require you to work with application and infrastructure teams to assess controls and evaluate proposed remediation plans for adherence to the controls. You will make recommendations, based on your experience, on how we can automate the way we perform assessments across the firm as we move towards Continuous Controls Monitoring (CCM) and as we apply other compliance automation tools. You may work on other regulatory and process risk assessment programs as well. Your assessment duties extend to all lines of business in the bank and will include continuously enhancing your knowledge of specific controls across a range of technologies, applications, processes, and infrastructure.
Responsibilities & Duties:
Assist with the bank's ongoing technology risk controls assessment programs, test and evaluate the evidence of the controls and identify any significant control deficiencies, work with the appropriate Application Specialists/Owners to identify and assess proposed remediation steps to adhere to those controls, and address other assessment findings where necessary.
Assist with other compliance and risk assessment programs, including participating in workshops to improve our ability to identify inherent risk and to adjust the descriptions of and approaches to properly obtain evidence of control effectiveness.
Manage individuals to meet expectations of supporting the program.
Establish relationships with all business lines to fulfill the bank's needs in the successful completion of risk assessments.
Test the evidence of the technical controls and document the tests in our assessment results systems of record.
Conduct Application Risk Assessments (ARA) to gather risk-specific information about technology applications.
Conduct initial interviews related to how controls are applied and assist with the identification and testing of controls. Perform testing of the evidence submitted to validate it proves control effectiveness.
Conduct Device Assessments to gather specific information across various infrastructure components (networks, storage, voice, etc.).
Work with technology teams to gather control design requirements and facilitate discussions to bring to closure identified control issues.
Advise Lines of Business (LOBs) of assessment results based on the testing performed and how those results align with the control standards for the organization.
Evaluate findings and communicate issues and best practices with the rest of the team and management.
Participate in crucial additional projects related to the overall enhancement of the assessment function.
Exhibit a continuous learning mindset for security education & awareness.
Bachelor's degree, preferably in Information Assurance, Computer Science or Information Technology, or equivalent experience.
Financial services industry experience, or a previous history of successfully navigating a highly regulated and matrixed environment, a plus.
3-6 years of internal or external technology audit or risk assessment experience.
Have experience with audit and technology risk assessment processes and an understanding of internal controls and how they protect the firm and its clients.
Ability to effectively develop and communicate recommendations based on various technical compliance and control assessment results.
Detail-oriented with the ability to examine and evaluate processes, controls, and issues to determine risk areas.
Ability to eloquently describe and defend, to stakeholders and management, the process followed in performing assessments and evaluating results.
Can work independently and can collaborate comfortably in a matrix organization within a broader team.
Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal management and other groups involved in technology control assessments.
Experience with Archer in the development and maintenance of managing data quality and integrity.
Basic project management skills.
Exposure to risk frameworks such as ISO, COBIT, and NIST.
CISSP, CRISC, CISA, CISM, or other industry-recognized risk and information assurance certifications preferred.
Our goal is to offer our colleagues the most generous benefits package possible. We strive to provide colleagues with a comprehensive benefits package and an environment that supports a healthy work-life balance. Benefits include: Competitive compensation with performance incentive awards, Health Insurance, Dental Insurance, a 401K and DC Plan for your retirement, LTD & Life Insurance, Day Care Reimbursement, Tuition Assistance for graduate and undergraduate programs, an award-winning Wellness program and much more!
At Rockland Trust you'll find a respectful and inclusive environment where everyone is given the chance to succeed. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.