The Enterprise Technology Services (ETS) department within State Street’s Information Technology (IT) division is responsible for all aspects of the infrastructure supporting State Street’s global operations and applications. The ETS Risk and Control team is responsible for risk management, regulatory compliance, audit coordination, and documenting and assessing risks and controls across all functions within ETS.
This IT Risk and Compliance Associate role will be responsible for timely execution and delivery of all individually tasked risk and control assignments.
- Participate in the Issue Management program, including determining appropriate owners, remediation plans, target dates, and risk ratings for control issues and producing management reports.
- Measure progress of IT Control improvements, based on business value and risk mitigation.
- Provide quantitative and qualitative information to support the prioritization of tactical and strategic risk mitigation projects.
- Recommend improvements to the tracking of risk mitigation activities and measuring residual risk over time.
- Participate in the Process, Risk, and Control framework initiative focused on rationalizing risks and controls using industry frameworks with results maintained in a consolidated risk/control library.
- Assist in the performance of risk assessments of new technologies.
- Assist in the performance of risk assessments including identification of risks, appropriate controls, development of narratives, performance of walkthroughs, testing of controls, and recommendations for control improvement.
- Work with process owners to assess risk and evaluate risk mitigation controls, including controls related to SOC1, SOC2, and SOX audit requirements.
- Provide consultation to process and control owners on management responses, risk remediation methods, and implementation plans.
- Coordinate audit activities between auditors, process owners, and vendor service providers.
- Maintain updated IT industry knowledge via conferences, webinars, and training in order to compare industry best practices to the ETS IT environment.
- Develop and contribute to IT Risk and Control management reports.
- Assist in the development and implementation of new IT risk initiatives, including policies, processes and awareness programs.
- Provide functional and analytical support of GRC tools such as Archer and/or applicable databases.