Sr Technology Risk Engineer
Company: Flagstar Bank
Posted on: March 17, 2023
The Sr Technology Risk Engineer is responsible for the delivery
of the program elements of all first line of defense risk
activities directly or indirectly impacting Information Technology
and Information Security within Flagstar. The Sr Information
Technology Risk Engineer will leverage business experience and
technical acumen to execute the technical program
activities in the areas of audit, technology, compliance, risk
management and security. The position will be responsible for
delivery of an Information Technology Risk program with clear,
defined operational policy, standards and procedures related to
Information Technology and Security.
- Design/execute specific Information Technology and Security
risk program elements to mitigate enterprise IT and security risks
throughout the Bank. Be a role model to more junior members of the
- Design/engineer/execute the implementation of the components of
the Information Technology Risk Program to include external
compliance, internal audit, security, vendor management,
operational risk, quality assurance and quality controls for
technology and information security.
- Design/engineer/execute internal and external compliance
technology audits and regulatory exams, representing Information
Technology throughout the lifecycle of the audit. (planning through
- Execute the first line of defense Risk Management functions for
IT meeting the Enterprise Risk Management (ERM) program elements,
processes and compliance requirements. Execute the Risk Controls
Self-Assessment process for Information Technology and Information
- Execute Awareness and Training for Risk Program elements to
enhance awareness and training appropriate for Flagstar's needs to
ensure that risk responsibilities are understood and carried out
throughout the enterprise.
- Design and execute implementation of Governance, Risk, and
Control frameworks and systems based on recognized best practices
such as COBIT, ISO, NIST, GLBA, SOX, FFIEC, etc.
- Ensures compliance with applicable federal, state and local
laws and regulations.
- Completes all required compliance training.
- Maintains knowledge of and adheres to Flagstar's internal
compliance policies and procedures.
- Takes responsibility to keep
up to date with changing regulations and policies.
- High School Diploma, GED, or foreign equivalent required.
- Bachelor's degree in a related field is strongly desired.
- Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), Certified
Information Systems Auditor (CISA), or Certified in Risk and
Information Systems Control (CRISC) preferred.
- 4+ years of experience working in technology audit, Information
Security, or Information Technology.
- 3+ years of SOX IT control execution or testing - or IT
auditing experience or IT risk.
- Three years of Information Security or IT experience.
- Demonstrated experience in Risk and Control Self Assessments,
Audits, or exams for technology or information security.
- Demonstrated ability to audit general IT controls including
related infrastructure (Active Directory), operating systems (UNIX,
Linux, Windows), databases (Oracle DB and MS SQL DB), and
applications (Oracle, PeopleSoft, Salesforce, etc.).
- Design and perform root cause analysis, control gap
assessments, and process improvement projects using technical,
problem-solving, and critical thinking skills to quickly identify
internal control deficiencies, evaluate their risk implications,
and draw the appropriate conclusions.
- Understand industry-standard frameworks for technology, such as
COBIT, ISO, NIST, SANS, and others to design Governance, Risk and
Control frameworks, and systems for technology and information
- Design and develop internal control documentation including
narratives, process and data flows, and other supporting work
- Moderate to in-depth understanding of business environment and
risks associated with the financial services industry, IT
environments, and information dataflow.
- Understand IT audit principles and audit procedures, determine
and evaluate the severity of potential issues
identified during testing, and provide guidance to more junior
- Understand IT organization business processes and systems (IT
Security, data management, architectural and planning, technology
life cycle management, regulatory concerns).
- Participate in multiple projects concurrently, works under
- Strong verbal and written communication skills with comfort
around presenting new ideas and presentations to senior
- Demonstrated track record of meeting time commitments.
- Demonstrated track record of working effectively across
functional and organizational lines.
- Demonstrated knowledge of risk management tools.
- Ability to work in teams, and/or as an individual
For Internal use only: Job Band E
Keywords: Flagstar Bank, Troy, Sr Technology Risk Engineer, Other, Troy, Michigan