• Provide ongoing training, guidance, support and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture. • Design, implement, and oversee execution of the IT controls program including periodic control testing (e.g., design and effectiveness) sufficient to meet regulatory requirements and to satisfaction of internal/external auditors. • Implement and maintain IT controls catalogue and related documentation sufficient to ensure compliance with regulatory requirements and internal policies and procedures. • Verify user and system security configurations for compliance with internal and external requirements; Collect and maintain appropriate evidence and supporting documentation. • Build and maintain effective working relationships and liaise with IT and business unit control owners to collect, report, and retain compliance documentation. • Identify control gaps and potential remediation steps; lead and/or assist process re-design and coordination of remediation efforts. • Collaborate with and advise ITS and business unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs vs. benefits. • Respond to internal and external (clients and business partners) due diligence inquiries and requests for information related to information technology controls and security. • Identify and report on IT control program status and metrics; Assist with Audit Committee and Board reporting. • Document and maintain risk-based compliance policies and procedures; Develop and maintain IT controls related content for the Information Security & Compliance intranet site. • Assist in effective management of internal and external audit efforts and partnership; Drive for timely submission of critical audit and compliance deliverables. • Coach, mentor, and oversee company employees and/or external consultants on a periodic basis. • Perform QA reviews of IT controls related work products (e.g., user attestations packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners. • Lead and/or participate in special project teams supporting general business initiatives outside of the primary Information Security & Compliance function. • Maintain knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures and issues, and assist in ensuring the organization remains compliant with such laws and regulations. • Assist in the creation of and updates to department documentation including operating procedures, RACI charts, and process diagrams. • Assist with IT-related aspects of vendor risk management program functions (e.g., risk assessments, due diligence documentation reviews, control testing, contract reviews).