Technology Risk & Compliance Manager
5 Paragon Dr Montvale, NJ 07645
Technology Risk and Compliance Manager, Americas will be responsible for driving and maturing company’ s technology risk management strategy based on implementation of industry-standard technology key processes, practices, and standards necessary. This position will work across technology organization to align with business & regulatory requirements & ensure adherence to industry acceptable standards. This role will also maintain internal controls & identify technical compliance gaps and assist Americas teams in building remedial actions to address enterprise compliance gaps against. regulatory requirements and industry best practices such as PCI, SOX and GDPR.
- Developed technology security & compliance framework, policies & operating model
- Worked in risk and//or audit function
- Good working knowledge of technology
- Experience in payment technologies (retail)
- Managed PCI compliance
- Hands on experience with information security strategy and operations (not technical)
- Hands on experience in Data Privacy – like GDPR
- Is an PCI certified ISA or wants to become one
- Is CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk & Information Systems Control) certified or wants to be
- Experience working with ISO 27001 (or similar) security framework, PCI DSS and CSA CCM standards in operational IT environment required
- Experience applying other security frameworks (e.g., CSF, COBIT), laws and standards (e.g. Sarbanes-Oxley, GDPR, HIPAA) helpful, but not required
- General Data Protection Requirements (GDPR)
Technology Risk Framework
- Coordination the development strategic direction in the establishment of the Americas Technology risk management framework
- Identify legal, regulatory and contractual requirements related to technology risk.
- Identify potential threats and vulnerabilities for business processes, associated data
and supporting capabilities to assist in the evaluation of enterprise risk.
- Create and maintain a risk register to ensure that all identified risk factors are accounted for.
- Assemble risk scenarios to estimate the likelihood and impact of significant events.
- Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
- Validate risk appetite and tolerance with senior leadership to ensure alignment
- Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively
Technology Compliance Management
- Provide as subject management expert in relation to technology regulatory compliance, including PCI DSS and GDPR
- Participate in industry forums and conferences to ensure continued thought leadership.
- Develop, update, unify and re-align compliance controls to address new, emerging, and evolving requirements, including compliance certification
- Identify and evaluate risk response options and provide management with information to enable risk response decisions.
- Ensure the business demonstrates compliance through ongoing and periodic internal readiness testing, assessments, and walkthroughs.
- Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
- Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
- Ensure all controls are assigned control owners to establish accountability.
Technology Risk Reporting
- Responsible to coordinate all technology security and compliance reporting
- Coordinate monthly security & compliance board reporting
- Lead engagements with potential and existing Customers for technology security & compliance risk questionnaires
Technology Security & Related Compliance Policies & Procedures
- Development of the overall P&P framework
- Ensure the development and ongoing maintenance of all technology security & compliance policies and procedures.
- Ensure that all IT policies and procedures are compliant with regulatory requirements.
- Coordinate the communication of policies & procedures with internal stakeholders and relevant external stakeholders
Disaster Recovery Planning
- Maintain the IT Disaster Recovery Plan including annual reviews.
- Oversee the regular testing of the plan and update for major changes in hardware, applications, business and regulatory requirements accordingly.
- Coordinate testing and reporting of data backup restorations in accordance with Key Performance Indicators (KPIs).
Projects and Initiatives related to IT
- Maintain the roadmap of security & compliance projects
- Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
- Excellent organizational skills with ability to team with others to develop and implement complex projects.
- Good knowledge of Industry " Best Practices" such as PCI-DSS
Analytical & Problem Solving
- Ability to investigate a problem and find a solution in a timely, efficient manner.
- Interact with our technology, legal, and business stakeholders to understand risks critical to infrastructure and define potential business impact. Prepare and distribute the monthly Wealth Management IT metric report designed to highlight potential risks in specific service domains (ex: Networking, Infrastructure, etc). Prepare the quarterly IT risk summary report to discuss with the CTO and CIO
- Project management experience
- ISA certification, Certified Information Systems Auditor (CISA)
Recruiting Director, Information Technology
Pattie joined the Connors Group team in 2017. Knowing how it’s important to always try and make the right impression with each interaction; Pattie personally feels that clients look for a Recruiter who demonstrates honesty, integrity, as well as trust. When proactively developing a strategic partnership, clients want to know that they can depend on you to deliver the most qualified candidates for their current openings. As a recruiter, she embodies that value in demonstrating passion in her work; evident as they encounter the level of excitement in describing past achievements or enthusiasm in approach to find the most qualified talent for their team!
Pattie strongly feels that candidates prefer that their career is centered around their quality of life. The chance to express preferences for a new job while feeling secure helps encourage them to do what they do best. Quality candidates like to be presented with long-term opportunities where they can see how their skills align with each company. Alternately, people who just feel comfortable tend to base any opportunity on what they currently need in order to make ends meet. Pattie embodies these values by matching the candidate to a position that provides an opportunity to learn, progress, and contribute to the company. Team work is always very key when it comes to empowering an individual to hone their expertise; allowing them the chance to grow within any organization.
Summoning the courage and strength to start her own business while also starting a family is something Pattie is very proud of. Obtaining that perfect balance is always a key challenge, but you need to totally embrace it in order to overcome it. A Director at her former company referred to her as “fearless” …and while she never thought of herself like that, hearing the complement did make her very proud! Her goal is to continue to have a stimulating career; providing open, supportive collaboration to inspire opportunity in the market. She would like to be positioned as someone who is focused on fostering strength in others! Outside of the office, Pattie loves skiing with her family… typically taking a trip out west every year. Going bike riding and taking family vacations are great. She loves summers at a Long Island beach home, going fishing with her boys and spending time at the pool and at the beach!