
IT Risk & Controls Manager position at Detroit, MI

Job in Detroit, Wayne County, Michigan, 48228, USA
Listing for: MIT RESOURCE
Full Time position
Listed on 2026-01-13
Job specializations:
  • IT/Tech
    Cybersecurity
  • Finance & Banking
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly
Job Description & How to Apply Below
Position: IT Risk & Controls Manager permanent position at Detroit, MI
  • Full-time
Company Description

Our world-class IT organization supports an information technology driven business. We deliver industry-leading IT solutions to the “Best Online Bank” (Money Magazine, 2011 and 2012) and the leading Auto Finance Company. IT oversees critical functions that enable the day-to-day operations of the entire enterprise.

Job Description

Location:

Detroit, MI

Type:
Permanent

Responsibilities include interpreting and responding to IT Open Control Matters and Risk issues for the assigned business unit or global function, training and supporting IT Managers to ensure common understanding is in place to meet compliance standards and resolve issues, supporting IT programs in conjunction with business, regulatory, and auditor expectations. Coordinate activities with internal and external auditors. Coordinate IT Management efforts in the collection and reporting of risk metrics.

Risk and Control activities include:

  • Enhance the IT control framework and help the IT organization integrate management of operational risk into their processes and practices.
  • Educate and train IT members in practices of risk and controls management.
  • Convey applicable legal and regulatory IT requirements for inclusion in standards and controls.
  • Develop and communicate controls required for use in SOX, project development and vendor acquisition.
  • Assist process owners in defining operational controls specific to their areas of responsibility.
  • Review existing and proposed controls for effectiveness and opportunities for improvement.
  • Provide guidance to management in self-assessing their own control environments.
  • Support organizations within IT to comply with audits, regulatory exams, assessments, and testing programs.
  • Interpret and explain requests from auditors, examiners, assessors, and testers.
  • Assist auditees in determining appropriate evidence needed to respond to requests.
  • Review evidence being provided by auditees to assure appropriateness, accuracy, and completeness.
  • Discuss potential issues with auditors and auditees to help determine if the finding is truly an issue.
  • Coach auditees on the development of proper action plans to address issues.
  • Review plans to assess effectiveness of proposed remediation and appropriateness of the timeline.
  • Provide input on risks and open issues related to areas to be examined.
  • Assist auditors in obtaining evidence by escalating, as needed.
  • Consult on potential issues, monitor and manage project and vendor risks.
  • Advise project team members on appropriate steps to identify and mitigate project risks.
  • Identify controls required in the project design and the steps to be taken for verification of controls.
  • Review risks and risk mitigation plans prior to each tollgate.
  • Advise on controls to be included and steps needed to test controls.
  • Escalate concerns with unmitigated risks prior to go-live for projects involving application acquisition.
  • Assist project team in obtaining and reviewing SSAE 16 or similar documentation for determining effectiveness of vendor controls.
  • Provide guidance for additional control evaluation needed beyond SSAE 16.
  • Track status of open control matters reported in the Risk Convergence Report (audit, regulatory, SOX, PCI, risk and compliance assessments, self-identified).
  • Obtain status updates from action plan owners at least monthly.
  • Provide status of open issues to IT leadership, as well as second and third LoDs.
  • Assist management in remediating and closing issues on time, helping to collect appropriate evidence and document request for closure, as needed.
  • Validate completeness of remediation efforts to maximize acceptance for closing, and minimize reopening of issues.
  • The IT Risk & Controls Manager reports to the Risk and Compliance Director.

    Qualifications

    • 5-15 years of experience in Risk & Control in the banking industry.

    • Proficiency with Risk Management Practices.

    • Knowledge of ITIL processes.

    • Familiarity with COBIT Information Security.

    • Familiarity with Sarbanes-Oxley compliance.

    • Experience at a financial holding company (FHC).

    • Experience with ISO 2700x and PCI-DSS Information Security.

    • Familiarity with GLBA, EU Data Protection Directive, and other relevant laws and…

    Position Requirements
    5+ Years work experience