Middlesex Savings Bank

  • IT Program Assurance Manager

    Location US-MA-Westborough
    Posted Date 3 weeks ago (7/27/2018 3:31 PM)
    Req #
    IT/Operations - Program Assurance
    Position Type
    Full Time
    Standard Working Hours
    Monday - Friday 8:00am-5:00pm
  • Overview

    Reporting to the Bank’s Chief Technology Officer, the IT Program Assurance Manager oversees the information technology compliance program and serves as the Bank’s expert on IT compliance issues. The Program Manager ensures that the Bank meets its IT compliance obligations, working within the division of Information Technology and in partnership with all departments of the bank. The IT Program Assurance Manager develops and maintains assessment and monitoring systems, providing current information on the state of IT compliance. Responsible for reviewing federal, state and local pending legislation and regulation for issues that would affect information technology and security. Performs any functions, within the scope of authority and expertise, to provide the highest level of service and responsiveness to internal and external customers.


    • Responsible for the effective development, implementation, and monitoring of programs, processes, and procedures to ensure that all information systems products and services meet minimum organization standards and end-user requirements.
    • Responsible for evaluation of information systems and operating procedures in accordance with established department, organization, and industry standards for efficiency, accuracy and security. Determine and recommend improvements in current standards and implementation of system changes.
    • Provide oversight for IT quality assurance practices and procedures in coordination with enterprise risk and business entities staff.
    • Management of IT compliance functions including reporting on gaps, variances, and the assessment and disposition of cyber and technology risk. Proactively document and adhere to key IT controls across operational and information security domains.
    • Proactively support various IT audit obligations across Sarbanes-Oxley, Internal Audit, ISO 20000, and regulatory agencies. Monitor, support, and manage IT audit obligations, overall IT system risk, software and operational processes to include adhering to FFIEC guidelines, annual risk assessments, and internal and external audit reviews.
    • Establish, measure and monitor Key Performance Indicators (KPI) and report to the business, executive management, and the board on information technology health risks and timelines, including operating reporting, risk and issue tracking, quality control and compliance tracking and reporting.
    • Ensure the integrity and confidentiality of data residing in the Bank’s information systems.
    • Perform all duties in accordance with prescribed regulatory compliance guidelines and in conformance with established Bank policies, procedures and objectives.
    • Refer sales opportunities to other departments or bank affiliates in support of established objectives.
    • Perform related and unrelated duties as may be required.



    • A bachelor's degree in business or information systems or equivalent work experience is required.
    • Three to five years’ experience with IT Risk Management principles including industry-leading practices, industry frameworks, and process flows. Working knowledge of the Risk Management Framework (RMF) and applicable regulations, including SAN, NIST, ITIL and FFIEC.
    • Demonstrated work experience with IT audit principles in a banking technology environment including control environments, audit testing techniques, documentation, and root cause analysis required. Risk and Information Systems Control (CRISC) certification desirable.
    • Experience with FFIEC compliance and certification processes and building, modifying, and managing RMF packages and artifacts for certification and compliance throughout the acquisition lifecycle. Governance Risk Compliance Certification (GRCP) desirable.
    • Experience managing and understanding a Microsoft network/server infrastructure, operating systems, data storage, virtual servers, and business applications. Knowledge of in-house, hosted, application service and cloud service providers required.
    • Experience with performing, interpreting, and reporting vulnerability assessments using various scanning tools.
    • Solid communication skills in articulating strategies, plans, and reporting to team members and executive management as well as the ability to work effectively with internal team members, business line owners, and vendors.
    • Strong analytical, interpersonal, and problem-solving abilities to identify and prioritize critical path issues and risks and recommend mitigation strategies.
    • Ability to consistently show initiative and resourcefulness to solve problems and ensure that high-quality work is produced, while respecting deadlines and budgetary considerations.
    • Demonstrated advanced skills in using MS Project, MS Excel, MS PowerPoint, and MS Word to plan, execute, track, analyze and develop business requirements and reporting.
    • Must have schedule flexibility and be able to work extended hours and weekends.
    • Must have a valid driver’s license. Regular travel to Bank sites required.


    Middlesex Savings Bank is an EO/AA Employer: Min/Fem/Vet/Disabled

