IT Risk Manager

A banking services company in New York City is seeking a new Risk & Controls Manager to join its Information Security GRC (Governance, Risk & Compliance) team. In this role, the Risk & Controls Manager will be responsible for assessing and managing IT and cybersecurity risks, ensuring the effectiveness of internal controls, and supporting regulatory compliance efforts. • **This position can be Remote or Hybrid in NYC. If remote, candidates must work EST hours*** Responsibilities: • Evaluate internal IT and Information Security controls to ensure alignment with internal policies, regulations, and industry standards • Manage and maintain the Information Security Controls Catalog • Oversee GRC platform functionalities such as policies, control libraries, risk assessments, and issue tracking • Report on cyber risk and control posture to the CISO and other senior stakeholders • Develop, document, and validate control procedures to strengthen the control environment • Support remediation efforts and the implementation of corrective actions for control gaps • Track and monitor results of risk assessments and control testing using dashboards and reporting tools • Mentor and manage junior team members, fostering knowledge-sharing and team development • Drive improvements in daily operational processes for greater efficiency and effectiveness Qualifications: • 5+ years of experience in Information Security, IT Risk Management, Controls Assurance, or related domains • Bachelor's or Master's Degree in Computer Science, Engineering, Information Systems, or a related discipline • Solid understanding of cybersecurity principles, risk management, and control frameworks • Hands-on experience with GRC platforms (e.g., Archer, ServiceNow, MetricStream) • Strong written and verbal communication skills Desired Skills: • Experience in the Financial Services industry or other highly Regulated environments • Professional certifications such as CISA, CISM, CRISC, or similar • Working knowledge of industry-standard frameworks, such as: NIST CSF; NIST 800-53; ISO 27001; COBIT, CIS Controls; CSA CCM; etc. • Experience in the Financial Services industry or other highly Regulated environments • Exposure to the Cyber Risk Institute (CRI) profile or similar Regulatory-aligned Cybersecurity frameworks • Familiarity with Emerging Technology Controls, including AI governance and NYDFS Cybersecurity requirements Apply tot his job