Risk.Assistant Manager

Risk & Compliance Makati City, Philippines


Risk.Assistant Manager



About Citco

Citco is a global leader in fund services, corporate governance and related asset services with staff across 80 offices worldwide. With more than $1 trillion in assets under administration, we deliver end-to-end solutions and exceptional service to meet our clients’ needs.

For more information about Citco, please visit www.citco.com

About the Team & Business Line:

Citco Group provides services to the Citco Group of Companies and helps business to succeed in client service excellence.

As a valuable member of our Risk and Control Team (‘R&C’) you will work closely with internal stakeholders and cross-functional teams to support business operations and help them to achieve their goals.

Your Role:

The Risk and Control Team is a group wide resource, which covers all of the divisions within the Citco Group of companies as defined on www.citco.com. The R&C strategy is to work to support the organization implement a risk and control framework.

R&C has resources based in Cork (Ireland), Jersey City (USA), Manila (The Philippines), and Toronto (Canada).

We are looking for a Risk and Control IT Assistant Manager to:

  • Work within R&C to assess readiness of a new Service Organization Controls (‘SOC 2’) engagement. This may include, but is not limited to:
    1. Analyzing the current control environment against the SOC 2 Trust Services (specifically, the Common Criteria) to identify gaps;
    2. Liaising with Audit, Risk Management, Security, and Technology teams to enhance or implement control activities as needed;
    3. Drafting control activity test procedures that determine operational effectiveness;
    4. Creating and adhering to a project plan so that all required activities are completed within Management’s expected timelines.
    5. Overseeing execution of testing, as prescribed by the project plan.
    6. Engaging with R&C staff, internal subject matter experts, and external audit professionals to organize preparation of test evidence, process walkthroughs, Management reporting, and other key SOC 2 deliverables as prescribed by the project plan and / or assigned by the R&C IT Manager.
    7. Working closely with the R&C IT Manager to develop SOC 2 report language intended for a broad audience (internal stakeholders, client organizations, external auditors, and others).
  • Work collaboratively with team members within R&C to cover the scope and objectives of other Risk Management / compliance projects in an effective and efficient manner, as assigned by R&C Management.
  • Support the organization in implementing an effective and efficient risk management and control framework (both Business processes and Information Technology processes).
  • Evaluate existing IT processes and make recommendations for improvement (e.g. adding efficiency, reducing risk) to Senior Management, as needed.
  • Coach, mentor, and / or train junior R&C staff members to meet R&C Management’s objectives.

About You:


  • The candidate should be educated to at least Bachelor’s degree level from an accredited college / university.
  • A relevant and recognized professional qualification such as Certified Information Systems Auditor (CISA) or equivalent is desirable.

Professional Experience

  • Four to seven years of experience of working in a progressive risk management / internal controls / internal audit function of a financial institution / Big 4 audit firm or in an IT practitioner role. Ideally, the candidate will have experience in the financial services and / or alternative investments industry.
  • At least one year of experience in an audit engagement that required interfacing with an external organization (e.g. external auditor / auditee relationship).
  • Preferably, at least one year of experience in a SOC 2 engagement as either an auditor, project manager, or technical contributor.
  • The candidate should have experience allocating workloads to, guiding, and overseeing junior staff.
  • Proficiency with Word, Excel, and PowerPoint is expected.
  • Preferable to have experience with automated internal audit applications / tools, Service Desk Manager, Jira, ACL (Galvanize), VBA, database IDEs, AWS Cloud technologies, etc.

Key Competencies

  • Strong verbal and written communication skills.
  • Technologically inclined.
  • Self-starter able to perform independently.
  • Adaptable to change.
  • Strive for continuous improvement.
  • Sound risk-based decision making.
  • Attention to detail.
  • Drive for results.

Personal Characteristics

  • Confident personality with ability to communicate clearly and succinctly.
  • Diplomatic but with the necessary tenacity to complete the task.
  • A ‘team player’ who can work well within the R&C function and also collaborate successfully with other R&C team members and peers within the team.
  • Creative and innovative.
  • Strong negotiation and influencing skills.
  • Willingness to take on responsibility and to work on own initiative.
  • Proactive with good project management and organizational skills.
  • Reliable and prepared to undertake international travel.

Our Benefits

Your well-being is of paramount importance to us, and central to our success. We provide a range of benefits, training and education support, and flexible working arrangements to help you achieve success in your career while balancing personal needs. Ask us about specific benefits in your location.

We recognize diversity as a source of organizational pride and strength. We have made it a priority to reflect our nation’s evolving diversity in the people we hire, and the culture we create in our organization.

Citco welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection.