About The Position

Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Impact you will have in this role:

The Cyber Security Risk Office (CSRO) is responsible for setting strategic direction in the areas of cybersecurity. It maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the Cyber Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity.

Risk Treatment is responsible for the oversight, management, facilitation and reporting of the Risk Treatment (Policy Deviation and Risk Acceptance) for Technology and Information Security related risks. Responsible for identifying, managing, measuring, and mitigating a spectrum of technology and security related risks in existing and new products, activities, processes, and systems. Accountable for providing advanced technical, analytical and management skills to CSRO.

Requirements

  • Bachelor's degree preferred or equivalent experience
  • Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.
  • Strong organizational, analytical, and documentation skills with high attention to detail.

Nice To Haves

  • Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
  • Experience with GRC tools, data visualization tools, and data warehouses (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

Responsibilities

  • Manage day‑to‑day intake, tracking, and progression of Policy Deviation (PD) and Risk Acceptance (RA) submissions through their full lifecycle, including renewals, extensions, and closure validation.
  • Perform initial completeness and quality checks on PD and RA submissions to confirm alignment with documented procedures, required artifacts, and governance standards prior to second‑line review.
  • Maintain accurate status tracking for all open items, including aging, upcoming expirations, and SLA adherence, escalating concerns to program leadership as needed.
  • Support risk treatment and policy deviation governance forums (e.g., CRTL forums, leadership reviews) through agenda coordination, materials preparation, and action item tracking.
  • Document decisions, approvals, and conditions to ensure traceability, transparency, and defensible governance outcomes.
  • Produce and maintain risk treatment and policy deviation metrics, including lifecycle performance, aging trends, renewals, and items approaching or exceeding tolerance thresholds.
  • Support risk tolerance updates to enterprise metric repositories (e.g., IBM BPM or successor platforms) and validate data accuracy and consistency.
  • Prepare standard and ad‑hoc reporting materials for senior management, governance committees, and audit or regulatory inquiries.
  • Maintain PD and RA procedures, job aids, templates, and governance documentation, including publication and upkeep in Navex or successor systems.
  • Ensure documentation, evidence, and decision records meet internal audit, regulatory, and examination standards.
  • Act as an operational point of contact for first line teams submitting PD and RA requests, providing guidance on process expectations, timelines, and documentation requirements.
  • Partner with Cyber Security Risk Office stakeholders to ensure consistent application of risk treatment standards and governance practices.
  • Identify recurring issues, thematic trends, or control gaps emerging from PD and RA activity and escalate insights to program leadership for credible challenge and prioritization.
  • Support program initiatives such as tooling enhancements (e.g., RAPD migration to SmartSuite), lifecycle standardization, and reporting enablement.

Benefits

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).