What are the responsibilities and job description for the IT Risk and Control Analyst position at ABN AMRO Clearing USA LLC?
About ABN AMRO Clearing USA LLC
ABN AMRO Clearing USA LLC (AAC-USA) is a subsidiary of ABN AMRO Clearing Bank N.V. We are a global clearing firm that provides an integrated suite of financial services to professional trading participants in the global financial market.
The core service offering consists of clearing, execution, stock borrowing and lending, and settlement. AAC-USA has a global reach through direct and indirect clearing memberships to over 90 of the world’s leading exchanges. Our international network provides comprehensive market access to exchange-listed instruments such as stocks, futures, and options. ABN AMRO Clearing USA LLC - Member FINRA, NFA, FIA and SIPC.
Job Overview
This role will help to manage and reduce the organization’s information security risks through continuous management & reporting relating to the NIST Framework. Additionally, this role will act as a supporting resource for the timely completion of Internal & External IT audit evidence requests, questions, and action items. The position is part of the IT Control & Service Management team (ITC&SM), which also liaises with global counterparts.
This position is based in our Chicago office and requires a minimum of 3 days per week onsite.
Job Responsibilities
- Continuously manage, monitor, & report on the risk control framework detailed in the Information Security Governance Plan, specifically NIST & COBIT control frameworks
- Act as a supporting resource for both internal & external audits (audit management), gathering & presenting detailed operational evidence (control monitoring), while driving recommended audit action items through execution and closure (issue management)
- Liaise with the Information Security CoE (Center of Excellence), and 2nd Line of Defense on key issues and projects
- Execute various risk assessments, analyze the data, and present the results and conclusions to management. Research deviations and advise on risk-mitigating actions. Organize and control the follow-up of assessments
- Report to management on any needed improvements and advise on the development and implementation of changes in standards and procedures
- Review and revise Information Security procedures and make recommendations for their implementation
- Provide First Line of Defense IT Risk guidance within the IT Control & Service Management team across all aspects of the IT landscape; inclusive of Client and Third-Party questionnaires
- Collaborate with IT teams and individuals across the globe on various initiatives, projects and tasks
Basic Qualifications
- 5 years of IT Risk Management experience, working with both internal and external audit
- Bachelor’s degree or equivalent qualification in related field
- Knowledge and experience with NIST frameworks
- Knowledge of and experience with audit lifecycles
- Familiarity with Information Security best practices, particularly in the financial services industry
- Knowledge of information security management and of IT systems, processes and regulations
- Excellent oral and written communication skills
- Ability to effectively communicate with all levels of an organization, including senior stakeholders
- Strong attention to detail & documentation required
- Strong knowledge of Microsoft Office tools
Preferred Qualifications
- CISM, CISA, CISSP, CRISC or CGEIT certifications
- Experience working in a regulated and/or financial and/or IT industry preferred
- Knowledge and experience with COBIT and/or ITIL frameworks
- Familiarity with Atlassian Products (Jira, Confluence) and ServiceNow
Below is the expected base salary for this position. Offers will ultimately be determined based on experience, education, skill set, and performance in the interview process. This position will also be eligible for a discretionary bonus.
Base Salary Range: $105,000—$130,000 USD