Senior First Line Risk & Controls Analyst - IT Audit

Job Family

IT - General

Job Description Summary

Global Technology Services (GTS) is Aegon's global IT partner that provides infrastructure services, information security and global/corporate application support for Aegon's businesses around the world.
From 6 locations in the US, the Netherlands, UK, and Hungary, we support 20+ country units and 24000+ employees in the world. Our support consists of a wide range of centralized global IT services such as programming, database management, project management, agile/dev/ops, and more.
We continue to maximize the value from having a clear digital and data technology platform strategy that extends our ecosystem, as an approach to digitization, enhancing customer experience, and improving operational efficiency.
All of these teams work closely together to provide innovative and digital solutions as well as critical technology support. This is essential for enabling Aegon's businesses around the globe to be innovative, digital, and competitive, efficient, and effective, and to provide the best solutions and customer experience for our customers and shareholders.

Job Description

Job Description Summary:

The GTS First Line Risk & Control Shareholder Support team provides governance, risk management, internal controls, and compliance services to GTS to support and enable GTS leadership in achieving strategic objectives.

The Senior First Line Risk & Control Analyst  conducts independent comprehensive assessments of the management, operational, and technical controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. To ensure that control objectives are being met and we can provide reasonable level of assurance to all key stakeholders.

This position is focused on global delivery providing centralized services and supporting global program build-out.

Responsibilities:

On a day-to-day basis, this position will perform responsibilities such as some or all the following:

• Review implementation of control requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Identify and report on the determination of gaps in design or controls exist and providing recommendations for remediation and implementation of mitigating controls.
• Identify control requirements specific to an information technology (IT) system in all phases of the system life cycle.
• Collaborate with first line in development of action plans to assess the adequacy of action taken by management to remediate open items
• Drive compliance/audit activities as assigned in relation to Sarbanes Oxley (SOX), IT Control Framework, Service Operation Control audits, manage internal/external audit engagements and third-party business reviews
• Support control assessments first time and ongoing (Process, Application, and Infrastructure)
• Participate in the policy standards implementation strategies to ensure procedures and guidelines comply with applicable control policy.
• Drive and support in the development and implementation of goals, policies, priorities, procedures relating to internal controls
• Drive audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Assess, define, and execute on control optimization
• Support the verification that all acquisitions, procurements, and outsourcing efforts address control requirements consistent with organization goals and objectives
• Support the key stakeholders throughout Aegon on IT control framework and control consultant
• Engage and collaborate with second line to demonstrate the design and operating effectiveness of controls
• Support Cloud AWS (Amazon Web Service), Microsoft Azure control implementation, monitoring, and reporting.

Qualifications

• Bachelor’s degree in computer science, MIS, auditing, finance, or business, or equivalent education and experience 
• Five years of relevant work experience, including experience with information technology operations and information security operations, business continuity and disaster recovery
• Experienced with GRC management frameworks, data protection, data privacy laws, regulations, process improvement, industry requirements and best practices
• Information Security Management experience with NIST CSF, NIST SP 800-53, NIST SP 800-37, FISMA, ISO 27001 or COBIT or other applicable frameworks
• Excellent time management and analytical skills 
• Effective written and verbal communication skills at all levels of the organization 
• Strong project management skills with preference for candidate with excellent Excel and PowerPoint skills
• Team and task oriented
• Attention to detail with the ability to multi-task
• Self-motivated and deadline driven

Preferred Qualifications

• CISA, CISSP, CISM, or CIA recommended. 
• Ability to understand technology, management, and leadership issues related to organization processes and problem solving. 
• Knowledge of Audit Assurance Framework requirements. 
• Financial services experience 
• Experience with GRC solutions 
• Knowledge of public cloud providers (AWS, Azure, etc.)  
• Big 4 public accounting experience working with controls within the Sarbanes Oxley environment.  
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. 
• Skill in creating policies that reflect control requirements. 

Working Conditions

• Office or hybrid office/remote environment

The Salary for this position generally ranges between $93,600- $105,000 annually. Please note that the salary range is a good faith estimate for this position and actual starting pay is determined by several factors including qualifications, experience, geography, work location designation (in-office, hybrid, remote) and operational needs. Salary may vary above and below the stated amounts, as permitted by applicable law.

Additionally, this position is typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at the Company’s discretion. 

This job description is not a contract of employment nor for any specific job responsibilities. The Company may change, add to, remove, or revoke the terms of this job description at its discretion. Managers may assign other duties and responsibilities as needed. In the event an employee or applicant requests or requires an accommodation in order to perform job functions, the applicable HR Business Partner should be contacted to evaluate the accommodation request.

What We Offer