IT Risk and Controls Associate Director
Arlington, VA, US
Cambridge Associates
We build custom investment portfolios to meet each client’s unique needs and goals, all in pursuit of outperformance.
About the Firm:
We are a leading global investment firm and aim to help endowments & foundations, pension plans, and high net worth private clients implement and manage custom investment portfolios that generate outperformance and enable them to maximize their impact on the world. Working alongside its early clients, Cambridge Associates pioneered the strategy of high-equity orientation and broad diversification, which since its inception in the 1980s has been a primary driver of performance for institutional investors. Today, we deliver a range of portfolio management services, including outsourced CIO, non-discretionary portfolio management, investment staff extension, and asset class mandates. Cambridge Associates maintains offices in major financial centers across the globe, with headquarters in Boston, MA.
Working with some of the world’s most sophisticated institutional investors, we bring a deep knowledge of portfolio management best practices to the clients we serve and select our colleagues with great attention to their potential to become a valuable member of a collaborative, intelligent and hard-working team.
About the Team:
We are currently seeking an Associate Director to join our IT Risk and Controls team. The IT Risk function at CA serves as the first line of defense for the Chief Technology Officer (CTO) through a dual-focused mandate: Process and Controls re-engineering; and Control Assurance and Audit Management. As the Associate Director of IT Risk, you will assume a pivotal role in identifying, evaluating, and mitigating IT risks. Working in tandem with stakeholders across our global organization, your responsibilities will encompass documenting critical processes, risks, and controls, as well as crafting process flow diagrams and associated procedural documentation. Your mandate will extend to proactively enhancing processes and controls, with a keen eye towards automation and process efficiency. Furthermore, you will collaborate closely with our counterparts in the second and third lines of defense, alongside our external auditors, to facilitate the gathering and organization of audit-related inquiries. The Associate Director of IT Risk will report to the Senior Director of IT Risk and Controls.
What You’ll Do:
· Risk Identification, Documentation, and Assessment: Identify and assess IT risks associated with the IT team’s activities, processes, controls and systems. As required, conduct risk assessments to evaluate the likelihood and potential impact of identified risks.
· Risk Mitigation and Process/Control Enhancement: Through partnership with system and process owners across IT, develop and implement risk mitigation strategies, and enhance processes and controls to address identified IT risks.
· Policy Documentation Management: Assist in the development and maintenance of IT policies, directives, standards, procedures, and program mandates in accordance with firm standards. Manage changes to the IT documentation hierarchy, in partnership with relevant stakeholders, through the appropriate change management and governance processes.
· Risk Reporting and Communication: Assist with the preparation of regular reporting on IT risk, observations, and issues. Partner with stakeholders across IT to calculate Key Risk Indicators and enter results in our Risk Management platform.
· Control Assurance & Audit Management: Conduct reviews and evaluations of existing controls to ensure operating effectiveness and efficiency, in accordance with firm guidance and applicable methodologies. Act as a liaison between our IT system and process owners and auditors, ensuring timely delivery of required documentation, and, as required, raise potential risk matters to the Senior Director of IT Risk and Controls.
· Training and Awareness: Assist in the development of training programs to increase awareness of IT risks and promote a culture of risk management across the department. Provide ongoing support and guidance to employees on risk-related matters. Remain current with respect to industry trends and regulatory developments to proactively identify emerging risks.
What You Bring:
· Minimum of 4-6 years of experience in risk management, emphasizing IT process control, process re-engineering, or controls auditing within the investment industry. Prior experience providing process and controls assurance or consulting at a leading global accounting firm is preferred, but not required.
· Bachelor’s in Accounting, Finance, or related discipline. Advanced degrees or relevant certifications (e.g., CISA, CISM, CRISC, etc.) are preferred but not required.
· Proficient understanding of software development and infrastructure operational processes.
· Excellent analytical skills with the ability to identify, assess, and prioritize risks effectively.
· Proficient understanding of key audit requirements and industry best practices related to IT risk management, and controls and process design.
· Proven ability to collaborate effectively with cross-functional teams.
· Detail-oriented with a commitment to maintaining high standards of quality and integrity.
· Proficient understanding of Microsoft Office, inclusive of Visio.
· Proficient understanding of (or willingness to learn) Lucidchart and IBM® OpenPages.
· Exceptional communication and presentation skills, with the ability to convey complex information clearly and concisely.
· Skillful in managing multiple projects, reprioritizing as necessary, and elevating key decisions as appropriate.
· Able to work independently and collaboratively.
· Minimal travel may be required (<10%).
Equal Opportunity Employment:
The firm is committed to the concept and practice of equal employment opportunity and will not discriminate against any employee or applicant on the basis of race, color, religion, age, sex, national origin, sexual orientation, gender identity, disability, or veteran status. It is expected that all employees will follow a similar policy toward their co-workers.