Senior Consultant Risk

Job Description

The Second Line of Defense (2LOD) Controls Testing partner (Sr. Consultant Risk) will operate with minimal guidance and increased autonomy. This role involves leveraging in-depth conceptual and practical knowledge to execute complex testing engagements, refine methodologies, mentor less experienced team members, and provide strategic insights that influence the cyber and technology risk posture. The key responsibilities of the role include: Test, validate, and enhance control testing methodologies and test procedures, ensuring they remain effective amid evolving cyber and technology threats Perform 2LOD validation work on complex engagements, including advanced testing plans, detailed workpapers, comprehensive findings, and high-quality reporting to risk committees Oversee the resolution of complex risk issues, collaborating with various teams to design, implement, and improve controls, aligning with industry standards and regulatory expectations Conduct in-depth examinations of cyber risk controls, evaluate their design and operational effectiveness, and recommend remediation strategies to leadership Support second-line governance activities, participating in Risk Identification and Change Initiative Risk Assessment processes, and offering expertise on risk trends and control gaps Communicate complex operational and technical risk findings to stakeholders in a clear and persuasive manner, working to build consensus and influence remediation efforts Apply advanced risk assessment knowledge to identify critical risks and controls, informing testing priorities and strengthening risk management strategies Manage multiple testing initiatives simultaneously, applying strong project management and organizational skills while maintaining flexibility in a dynamic environment Monitor evolving banking/financial regulatory requirements, ensuring continuous alignment of testing activities with regulatory guidance and industry best practices The successful candidate will benefit from having: 6+years of experience in IT Audit, Cybersecurity, IT Risk & Control, or related fields CISSP, CISM, CISA, CRISC, or equivalent certifications strongly preferred In-depth understanding of cyber and technology risks within the financial services sector Experience with cloud security, MFA solutions, password management tools, and Secure SDLC practices Strong analytical, communication, and negotiation skills to handle complex issues and build consensus among stakeholders Demonstrated ability to guide less experienced team members and effectively manage projects Proficiency in Microsoft Office 365 and familiarity with risk management/GRC tools (e.g., ServiceNow, Fusion) to streamline issue tracking and remediation