Software Guidance and Assistance, Inc.
IT RCSA Specialist/Analyst
Software Guidance and Assistance, Inc., New York, New York, us, 10261
Software Guidance & Assistance, Inc. (SGA) is searching for an IT RCSA Specialist/Analyst for a CONTRACT assignment with one of our premier Financial Services clients in lower Manhattan, NYC. He or she will need to be in the office 2 days/week.
This role is critical in strengthening the firm's Risk & Control Self-Assessment (RCSA) program, which includes completing analysis and assessment of inherent and residual risk within key Technology areas. The ideal candidate will possess deep technical knowledge of various technology domains, an understanding of risk methodologies, and experience with risk and control frameworks and implementations.
Responsibilities:
Risk Identification:
Support the identification and analysis of technology risks, ensuring alignment with relevant industry standards, regulations and internal policies. Identify mitigating controls and possible gaps in current control implementations and prepare residual risk analysis. Develop and maintain detailed documentation of risk mappings, including rationale, evidence requirements, and ownership. Support risk assessments by Process Owners by building relationships, providing support and creating material to further support RCSA data collection and completion.
IT Risk Management:
Provide expert guidance on risk mitigation strategies, control enhancements, and residual risk acceptance, as required. Collaborate with technology teams, business stakeholders, and leadership to prioritize and address effective challenge feedback from other First Line stakeholders and Second Line. Assist in the development and implementation of risk reporting mechanisms to provide actionable insights to management.
Framework Development & Maturity:
Contribute to the ongoing development, refinement, and maturity of the organization's IT Risk Program. Advise on best practices for risk identification and analysis, control mapping, risk monitoring, and continuous improvement.
Stakeholder Collaboration & Guidance:
Serve as a subject matter expert and provide senior-level guidance to technical teams, project managers, and business stakeholders on control requirements and risk considerations. Facilitate workshops and training sessions to foster a strong understanding of risk assessments and risk management principles. Communicate complex risk and control concepts clearly and concisely to both technical and non-technical audiences.
Audit & Assurance Support:
Support internal and external audit activities by providing evidence, explanations, and documentation related to risk assessments and risk posture. Assist in responding to audit findings and developing corrective action plans.
Required Skills:
Experience:
Minimum of 2+ years of experience in IT Risk management (MUST BE STRONG), IT audit, information security, or IT compliance roles.
EXPERIENCE with RISK & CONTROL SELF-ASSESSMENT (RCSA) PROGRAMS.
Demonstrable experience in technology risk to risk assessment frameworks or similar risk background.
Any experience with various cybersecurity frameworks and regulations (e.g., NIST, COBIT, NYDFS, OSFI).
Financial Services.
Technical Acumen:
Strong understanding of diverse technology domains, including cloud computing, network security, application security, data protection, identity and access management, and infrastructure security. Familiarity with various business and security technologies and their associated risks.
Analytical & Problem-Solving Skills:
Exceptional analytical skills with the ability to dissect complex technical and business processes to identify risk points and exposures. A strong, logical, and structured approach to problem-solving.
Communication & Interpersonal Skills:
Excellent written and verbal communication skills, with the ability to articulate complex technical and risk concepts to diverse audiences, including senior leadership. Strong writing skills. Strong interpersonal skills and the ability to build rapport and influence stakeholders at all levels.
Independence & Proactiveness:
Ability to work independently with minimal supervision, manage multiple priorities, and deliver high-quality results in a fast-paced environment. Proactive in identifying potential issues and proposing solutions.
SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at https://sgainc.com/ .
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.