Senior Compliance Associate – IT Compliance
Ref No.: 17-00130
Location: New York, New York

The Information Technology ("IT") Compliance Department is responsible for the development, implementation, and management of a comprehensive risk-based IT compliance program designed to support the company's overall compliance with regulations, laws and corporate policies relating to its IT systems and processes.

The department is also responsible for supporting the IT organization in its efforts to identify, measure, monitor and control IT risks.

The Senior Compliance Associate will help provide the framework, processes, tools, consultancy and training necessary for IT to properly manage risk and to make risk-based decisions for its activities.

The successful candidate must:
  • Work effectively with the business, regulatory and technology teams to identify regulatory obligations, and ensure that systems and technology controls are designed and operating to meet those obligations;
  • Have experience with information technology risk and control frameworks, and the ability to assess and design controls based on those frameworks; and
  • Understand application, network, operating system, database and core infrastructure concepts.

The key responsibilities of the Senior IT Compliance Associate are to:
  • perform technical assessments of new systems, or changes to existing systems, to ensure compliance with existing and proposed exchange rules, securities laws, and corporate software development lifecycle ("SDLC") policies;
  • design technology controls to enhance compliance with existing rules and securities laws, and minimize operational risk;
  • work with development and QA teams to facilitate knowledge transfer for effective testing
    • create scenarios to convey requirement complexity
    • analyze test cases to ensure adequate test coverage on requirements;
  • perform retrospective assessments of information technology and market processes using industry-recognized frameworks (COBIT, ITIL, NIST-based frameworks, etc.), and work collaboratively with technology teams to design controls to address the deficiencies identified; and
  • manage regulator inspections of the technology environment and compliance with SEC Regulation SCI.

The Senior IT Compliance Associate is expected to have the following knowledge, skills and experience:
  • 5+ years of experience in IT audit or IT risk management, preferably in the financial services industry;
  • Proven problem solver with ability to provide in-depth analysis of complex problems, manage risk and make quick decisions;
  • Thorough knowledge of IT processes and controls and a deep understanding of risk and control frameworks (COBIT, ISO, NIST, ITIL);
  • Strong understanding of application, network, operating system, database and core infrastructure concepts;
  • Excellent written, verbal and presentation communication skills;
  • Experience using influencing skills to build consensus and commitment without using line management authority;
  • One or more of CISA, CRISC, CISM, CISSP, or CGEIT certification required; and
  • Bachelor's degree or equivalent.

The following skills and experience are desirable but if not present can be developed while in post:
  • Experience with regulator interaction, ability to handle requests and discuss issues with regulators and familiarity with regulatory rules pertaining to risk;
  • Experience with IT Governance, Risk and Compliance (IT GRC) tools;
  • Data analysis experience using SQL or scripting languages (e.g. Perl, Python, Ruby);
  • Familiarity with equities market structure and automated trading systems; and
  • Prior work experience in systems development, software testing/quality assurance, trading systems compliance, or a business analyst function.