Head of Technology Risk, Governance, and Controls

About The Position

Requirements

• Minimum of 15 years of experience in technology risk management and internal controls implementation, including both building and operating a function, including people management experience.
• Strong stakeholder relationship acumen to navigate issue resolution and urgency with internal and external stakeholders.
• Able to convey complex risk topics, including progress of remediation efforts, statuses of issues, etc. to varied audiences (e.g., executive leadership, technical teams, audit, etc)
• Successful track record in working in a global environment, with the ability to create constructive relationships and communicate across various organizational teams.
• Exceptional analytical skills and problem-solving abilities, with proven experience in prioritizing and executing tasks in a high-pressure environment.
• Deep familiarity with technology risk and control frameworks such as NIST CSF, ISO 27001, COBIT, and SOX IT General Controls.
• Understanding of emerging technology risk domains including AI/ML, cloud, and data privacy; ability to develop risk approaches for novel and evolving technology landscapes.
• Must be in reasonable distance of one of our office locations. Role will be required to be in office at least 2 days per week.

Nice To Haves

• Experience applying risk and control frameworks in a regulated environment.
• Hands-on experience with GRC platforms (e.g., ServiceNow GRC, Archer, or equivalent) to operationalize governance and reporting at scale.
• Relevant professional certifications such as CRISC, CISM, CISSP, or equivalent.
• Experience working with core AI capabilities such as Microsoft Copilot, Claude, or ChatGPT, particularly in solving business problems through custom agents or workflows.
• Demonstrated experience operating within a Three Lines model, partnering with an independent second-line risk function and Internal Audit organization, without duplicating accountability.
• Experience assessing third-party, vendor, and cloud-dependency technology risk, including operational resilience and concentration implications.
• Master of Business Administration or Engineering or related discipline.

Responsibilities

• Lead the technology risk and governance strategy by driving risk initiatives in support of the Enterprise Technology and Transformation strategy to protect our brand, enable business-focused capabilities, and lead with innovation.
• Ownership and liaison for SOX controls with Finance, Internal Audit and External Auditor including responsibility for the annual testing of related IT SOX controls and deficiency remediation.
• Scale and optimize the first-line of defense to proactively identify and mitigate technology risk across the firm.
• Work in tandem with the Enterprise Risk and Compliance team to contribute to the enterprise risk appetite and taxonomy, and design and operate the controls that implement them within technology.
• Establish and track KPIs and KRIs related to technology risk and compliance across all technology teams; create consistency in measuring and reporting.
• Collaborate with senior stakeholders across the enterprise to integrate risk management into strategic planning, product development, and operational rigor.
• Lead risk assessments and partner with Internal Audit to ensure compliance and identify areas for improvement.
• Drive a culture of risk awareness and continuous improvement, ensuring compliance to industry standards.
• Create risk awareness programs designed to improve the risk fluency of our technology organization.
• Own first-line management of technology risk arising from third parties, external platforms, cloud providers, and critical dependencies—including concentration and continuity exposure—partnering with Procurement / Third-Party Risk Management and the second-line dependency function.
• Own identification, remediation planning, tracking to closure, and timely escalation of technology risks, control issues, and audit action plans across the organization.
• Design, implement, and operate the technology control environment, including control self-assessment and the production of audit- and oversight-ready evidence.
• Embed first-line risk management and controls for AI including model and use-case inventory, secure deployment, monitoring, and control operation.
• Strengthen operational resilience and continuity for critical technology services, including availability and recovery expectations.
• Map regulatory and compliance obligations affecting technology into the control environment, ensuring traceability between obligations, controls, and evidence.

Benefits

• Health care coverage designed for the mind and body.
• Generous time off helps keep you energized for your time on.
• Access a wealth of resources to grow your career and learn valuable new skills.
• Competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
• Perks for your partners and little ones, too, with some best-in class benefits for families.
• Retail discounts to referral incentive awards