Wellington Management offers comprehensive investment management capabilities that span nearly all segments of the global capital markets. Our investment solutions, tailored to the unique return and risk objectives of institutional clients in more than 55 countries, draw on a robust body of proprietary research and a collaborative culture that encourages independent thought and healthy debate. As a private partnership, we believe our ownership structure fosters a long-term view that aligns our perspectives with those of our clients.
Tracing our roots to 1928, Wellington Management Company, LLP is one of the world's largest independent investment management firms. With over US$1.2 trillion in assets under management as of 31 December 2020, we serve as a trusted adviser to institutional clients and mutual fund sponsors in over 60 countries. Our innovative investment solutions are built on the strength of proprietary, independent research and span the global capital markets, including equity, fixed income, multi-asset, and alternative strategies. As a private partnership whose sole business is investment management, our long-term views and interests are aligned with those of our clients. We are committed to attracting a talented and diverse workforce, and to fostering an open, collaborative, and inclusive culture because we believe multiple perspectives lead to more informed investment and business decisions. As an Equal Opportunity Employer, we welcome people with diverse life experiences, fresh ideas, and specialized subject-matter expertise.
This role will be part of our global Information Technology Risk & Controls team providing second line of defense oversight and governance over the corporate Information Security organization for the local office. This role will be a key member of the firmwide IT Risk & Controls team, working with other global representatives to develop standards, processes, and controls at both the local and corporate level, as well as developing processes to monitor the effectiveness of those controls for the local office. As part of this role, you will be exposed to some of the latest technologies and approaches.
Oversight and governance of a corporate Information Security function and a corporate Information Technology function
Periodic review of corporate level reports and metrics to identify areas of increasing risk
Regular reporting to and support of the local office boards and risk committees
Regular review of Information Security and Information Technology incidents reported locally or by outside parties used to provide services to assess potential impact to the office and report findings to senior leaders
Monitoring the adequacy and effectiveness of internal control activities, performing an in-depth analysis of any areas of increasing risk, and escalating areas of concern to senior leaders
Helping to define and further develop risk management frameworks which are relevant to the local office
Ensuring intragroup service agreements meet local IT and Information Security requirements
Representing the local office's interests in firmwide committees and working groups
Development of Key Risk Indicators
Assist in the design and development of processes and controls to manage risks, inclusive of disaster recovery and business continuity planning
Develop and deliver Information Security Awareness training to the local office
Maintain documentation for all local office guidelines, assessments, and reviews
Alignment with local Compliance function to understand all relevant laws and regulations with regard to information security and information risk
A minimum of 7-10 years' experience in an Information Security or Information Technology Risk & Controls discipline
Previous experience assessing, documenting, and communicating Information Security and Information Technology Risk to senior leaders, risk committees and boards
A strong understanding of, and proven experience working with, regulatory requirements such as BaFin, MaRisk, and other similar circulars
Previous experience leading a second line of defense risk management function
CISSP, CISA, CRISC, CISM, or CGEIT certification, or proven experience in Information Security and Information Technology risk management is required
Ability to function independently
Excellent oral and written communication skills, with a proven ability to effectively interact with teams representing a wide variety of technical disciplines.
JOB TITLE Lead Systems Analyst-IT Risk & Controls
As an equal opportunity employer, Wellington Management ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, sex, sexual orientation, gender identity, gender expression, religion, creed, national origin, age, ancestry, disability (physical or mental), medical condition, citizenship, marital status, pregnancy, veteran or military status, genetic information or any other characteristic protected by applicable law . If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at GMCANINQ@wellington.com .