Risk Advisory Manager

Washington, D.C.
Jul 20, 2022
Aug 08, 2022
Full Time
Management Audits, Risk and Compliance (MARC) Mission Statement:

MARC's mission is to provide independent and objective internal auditing and advisory services to Metro management that add value and enable change for strong organizational governance, internal controls, and effective risk management.

This mission is accomplished by bringing a systematic, disciplined approach to the evaluation of risk management practices and the system of internal controls and underlying business processes that support core services. Our goal is to protect organizational value by providing risk-based and objective assurance, advice, and insight.

Risk Advisory Manager Marketing Statement:

The Risk Advisory Manager has a consultative role with senior management providing support services to assess risks and strengthen internal controls to improve financial management, compliance with Federal regulations, and operational effectiveness. The incumbent shall demonstrate knowledge of FTA regulations and best practices over program management focus areas including information technology, operating technology, cybersecurity, IT Vendor Risk Management, IT general and application controls, and other business process knowledge to help internal business clients identify, remediate, monitor and manage risks to business objectives. Risk management assurance responsibilities will include performing risk reviews and assessments supporting technology and vendor risk management. The Risk Advisory Manager supports the Chief Risk and Audit Officer by assisting the Director of Risk Advisory Services in conducting facilitated risk assessment workshops, internal control validations, and action plans in the implementation of an Enterprise Risk Management Program across the organization as a member of the Risk and Business Advisory team.

  • Senior level experience supporting an Enterprise Risk Management process with a focus on operational, safety and security, compliance, asset management, vendor and third-party risks, with the ability to independently lead meetings and discussions with executives and senior management across the Authority.
  • Ability to apply general risk management principles to specific risk focus areas like operational, safety and security risks.
  • Ability to facilitate the identification, assessment, prioritization and monitoring of risk across the organization.
  • Ability to manage multiple high-level projects, sometimes requiring immediate action.
  • Prior experience with the COSO Enterprise Risk Management (ERM) framework preferred.
  • Prior experience with Safety Risk Management in a transit or public transportation environment preferred.
  • Prior experience leading the design and implementation or knowledge of a Governance Risk and Compliance (GRC) tool like Archer GRC is highly preferred.
  • Certification in Risk Management Assurance, Certified Internal Auditor, or other related certification desired.

Minimum Qualifications:

  • Bachelor's Degree in Business Administration, Accounting or related field

  • Minimum of eight (8) years' experience in risk management, compliance, audits, investigations, public accounting, financial management or other related fields to include team lead experience providing quality reviews for reports of other units

  • Professional audit or risk management certification such as Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA) or comparable. Professional experience equivalent may be considered as deemed appropriate.

  • Master's Degree in Business Administration, Accounting or related field

Medical Group:

Satisfactorily complete the medical examination for this position, if required. The incumbent must be able to perform the essential functions of this position either with or without reasonable accommodations.

Job Summary:

The Risk Advisory Manager has overall responsibility to assist in the execution of a risk, compliance and internal control strategy within the Authority. The incumbent identifies, documents, tracks, monitors, and escalates organizational risk-related issues as necessary, and is responsible for the management and delivery of the assigned Program as part of the Governance, Risk and Compliance strategy deployed across the organization within MARC. Supports the Authority's business units in the development, implementation, and maintenance of new or current policies, practices and procedures under the direction of the Chief Risk and Audit Officer. This position requires a thorough understanding of the Authority's business objectives, risks, critical success requirements, and regulatory environment, as well as the needs of business unit management. The incumbent will assist in the performance of reviews as necessary, augmenting organizational compliance through effective communication, and supporting education and training programs.

Essential Functions:
  • Supports the development and execution of a risk, internal control and compliance strategy, and supports the Internal Audit work plan for internal controls across the organization; develops, implements, and maintains "best practice" Governance, Risk and Compliance practices. Develops a program plan for the assigned Governance, Risk and Compliance Program elements, which may include, but are not limited to, the following: Enterprise Risk Management, Internal Controls and Financial Management Control Oversight, Vendor, Operational, and Safety Risk and Safe Advisory, Regulatory Compliance, IT Risk Advisory, Governance Risk and Compliance Systems, Regulatory Compliance and Training Programs, to ensure compliance with established internal control procedures. Determination is made by examining records, reports, operating practices, and documentation and through effective use of resources, ongoing needs analyses and timely stakeholder involvement.
  • Develops and coordinates the implementation of an enterprise-wide enterprise risk management program that integrates business unit strategy and performance with risk appetite to achieve objectives in carrying out core services, and to facilitate an efficient and effective control environment as an appropriate risk response determined by implementing the Enterprise Risk Management Program.
  • Develops and creates internal review processes that are perceived as added-value by affected stakeholders to maintain internal control systems and facilitate a healthy control environment. Determination is made by identifying loopholes and recommending risk aversion measures.
  • Continuously examines and evaluates the level of business unit compliance and related control procedures with external regulations and internal policies and procedures, with major emphasis on high-risk business units and functions, to support the Authority moving toward its objectives. Conducts periodic risk assessments, develops and maintains risk and control matrices for applicable areas, develops and maintains process maps, and provides guidance to assigned Analysts and support staff. Determinations are made by evaluating the Chief Business Plans.
  • Facilitates business unit compliance improvement and provides compliance oversight, with major emphasis on high-risk business units, to ensure that identified deficiencies are corrected in a timely manner based on continuous monitoring and examination of the levels of business unit compliance with existing policies, practices, and procedures.
  • Encourages and demonstrates a collaborative working relationship with the Office of the Inspector General to support the control systems. Communicates effectively with management to ensure that identified deficiencies are corrected in a timely manner.
  • Provides expert advice and counsel to business units on risk, internal control, and compliance-related issues, enabling senior management to respond to the risks with more initiative. Acts as a focal point for the dissemination of new compliance practices, trends and methodologies.
  • The essential duties listed are not intended to limit specific duties and responsibilities of any particular position, nor are they intended to limit in any way the right of managers and supervisors to assign, direct and control the work of employees under their supervision.

Evaluation Criteria

Consideration will be given to applicants whose resumes demonstrate the required education and experience. Applicants should include all relevant education and work experience.

Evaluation criteria may include one or more of the following:
  • Skills and/or behavioral assessment
  • Personal interview
  • Verification of education and experience (including certifications and licenses)
  • Criminal Background Check (a criminal conviction is not an automatic bar to employment)
  • Medical examination including a drug and alcohol screening (for safety sensitive positions)
  • Review of a current motor vehicle report


WMATA is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by applicable federal law.

This posting is an announcement of a vacant position under recruitment. It is not intended to replace the official job description. Job descriptions are available upon confirmation of an interview.
