Lead Control Management Officer – Platform Assurance
Charlotte, North Carolina, United States of America
Full Time
4 hours ago
$100,000 - $196,000 USD
Visa Sponsor
Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformGCPGoogle CloudIAMCI/CDLeadershipRisk ManagementCommunicationCollaborationCloud Security
About this role
Role Overview
- Lead complex initiatives designed to mitigate current and emerging risks with broad impact
- Act as key participant in monitoring, evaluating, and measuring the impact of decisions practiced in Control Management functional area
- Monitor moderately complex business specific programs, and provide risk management consulting to support the business in designing and implementing risk-mitigation strategies
- Monitor, measure, evaluate, and report on the impact of decisions and controls to the relevant business group or functional area
- Develop and implement risk monitoring and risk reporting processes and controls
- Collaborate with relevant business group to identify current and emerging risks associated with business activities and operations, and provide guidance in developing and implementing risk-mitigating strategies
- Lead Control Management project or virtual teams
- Assessment Execution & Control Evaluation Lead and perform complex platform assurance assessments across IT General Controls (ITGC), platform engineering controls, and supporting technology services.
- Conduct hand on control testing and evaluation for emerging technology including cloud (Azure, GCP, AWS), private cloud, IAM, CI/CD, data platforms, databases, and container platforms.
- Identify and assess Consumer/Producer requirements and evaluate their implementation across enabling technologies and system-of-record governance.
- Analyze evidence, document findings, and assess platform risk posture with clear articulation of control impacts.
- Risk Identification & Issue Management Identify technology risks related to access, configuration, deployment pipelines, data protection, and operational resilience.
- Support issue lifecycle activities including root cause analysis, remediation plan review, control design improvement, and evidence validation.
- Contribute to thematic analysis across assessment outputs, threat modeling, Red Team exercises, and audit reviews.
- Control Framework & Governance Assist with maintaining and maturing the platform control framework across Cloud, IAM, CI/CD, Data Management, and PAM domains.
- Support governance routines, audit readiness, regulatory documentation, and senior reporting packages.
- Maintain high‑quality assessment artifacts, testing documentation, and risk summaries for leadership and committees.
- Cross‑Functional Collaboration Work with platform engineering, cyber security, architecture, and application teams to interpret control requirements and support remediation.
- Lead and conduct technical walkthroughs, testing plan, evidence reviews, and control discussions across diverse stakeholder groups.
- Build effective relationships across Technology and Control Management to drive consistent risk management practices.
- Continuous Improvement & Program Support Recommend enhancements to assessment methodology, testing processes, automation, and telemetry‑based monitoring.
- Stay current on emerging technology trends, cloud control models, and regulatory expectations impacting financial institutions.
- Contribute to initiatives that improve the control environment, technology risk governance, and overall program maturity.
- Provide guidance and mentorship to junior assessors and team members.
Requirements
- 5+ years of Risk Management or Financial Services Industry experience, or equivalent experience demonstrated through one or a combination of the following: work experience, training, military experience, education.
- 5+ years of Technology Risk, Control Management, Information Security, IT Audit, SOX or related experience.
- 3 + years experience assessing or testing ITGCs, platform controls, cloud technologies, IAM, CI/CD pipelines, or data platforms
- Certifications such as Cloud Security Engineer, security Architect, CISSP, CISA, CRISC, or similar.
- Experience with monitoring tools, configuration management, or automation technologies.
- Knowledge of encryption standards, data protection, container security, or identity governance frameworks.
- Strong written and verbal communication skills and the ability to collaborate across diverse partner groups.
- Ability to manage multiple assessments and deadlines in a matrixed environment.
- Ability to engage and influence partners across Technology, Cyber Security, Architecture, and Risk.
- Ability to perform complex assessments and clearly convey control weaknesses and recommendations.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
Benefits
- Health benefits
- 401(k) Plan
- Paid time off
- Disability benefits
- Life insurance, critical illness insurance, and accident insurance
- Parental leave
- Critical caregiving leave
- Discounts and savings
- Commuter benefits
- Tuition reimbursement
- Scholarships for dependent children
- Adoption reimbursement