IT Risk Manager

  • Applications have closed

A banking services company in New York City is seeking a Risk & Controls Manager to join its Information Security GRC (Governance, Risk & Compliance) team. In this role, the Risk & Controls Manager will be responsible for assessing and managing IT and cybersecurity risks, ensuring the effectiveness of internal controls, and supporting regulatory compliance efforts.

***This position can be Remote or Hybrid in NYC. If remote, candidates must work EST hours***

Responsibilities:

Evaluate internal IT and Information Security controls to ensure alignment with internal policies, applicable regulations, and industry standards

Manage and maintain the Information Security Controls Catalog

Oversee GRC platform functionality, including policy management, control libraries, risk assessments, and issue tracking

Report on cyber risk and control posture to the CISO and other senior stakeholders

Develop, document, and validate control procedures to strengthen the control environment

Support remediation efforts and the implementation of corrective actions for control gaps

Track and monitor results of risk assessments and control testing using dashboards and reporting tools

Mentor and manage junior team members, fostering knowledge-sharing and team development

Drive improvements in daily operational processes for greater efficiency and effectiveness

Qualifications:

5 years of experience in Information Security, IT Risk Management, Controls Assurance, or a related domain

Bachelor’s or Master’s Degree in Computer Science, Engineering, Information Systems, or a related discipline

Solid understanding of cybersecurity principles, risk management, and control frameworks

Hands-on experience with GRC platforms (e.g., Archer, ServiceNow, MetricStream)

Strong written and verbal communication skills

Desired Skills:

Experience in the financial services industry or other highly regulated environments

Professional certifications such as CISA, CISM, CRISC, or similar

Working knowledge of industry-standard frameworks, such as NIST CSF, NIST SP 800-53, ISO 27001, COBIT, CIS Controls, and CSA CCM

Exposure to the Cyber Risk Institute (CRI) Profile or similar regulatory-aligned cybersecurity frameworks

Familiarity with emerging technology controls, including AI governance, and with NYDFS cybersecurity requirements