Tech Risk and Controls Lead-Governance

About The Position

Requirements

• Formal training or certification on security concepts and 5+ years of applied experience in technology risk management, information security, or a related field, emphasizing risk identification, assessment, and mitigation.
• Familiarity with risk management frameworks, industry standards, and financial services regulatory requirements
• Proven expertise in data security, risk assessment and reporting, and control evaluation, design, and governance, with a record of implementing effective risk mitigation strategies
• Demonstrated ability to influence executive-level decision-making and translate technology insights into business strategies for senior leaders
• Working knowledge of cybersecurity-related regulations and compliance requirements (for example, General Data Protection Regulation, Payment Card Industry Data Security Standard, Sarbanes-Oxley, Federal Financial Institutions Examination Council)
• Understanding of applicable national and international laws, rules, regulations, policies, and ethics related to cybersecurity in the financial industry.
• Advanced knowledge of product development life cycle practices, service design, and data analytics
• Ability to build dashboards and metrics that communicate control effectiveness, cycle time, and risk posture to stakeholders.

Nice To Haves

• Industry-recognized certification such as Certified Information Security Manager, Certified in Risk and Information Systems Control, Certified Information Systems Security Professional, Certified Information Systems Auditor, or similar
• Experience applying prompt engineering to improve stakeholder engagement, documentation quality, and process efficiency
• Familiarity with coding or scripting, data analytics, cloud control design, cybersecurity controls, and/or distributed technologies
• Experience automating control evidence collection and testing (for example, using application programming interfaces or scripts) to improve reliability and repeatability
• Data visualization and communication skills to explain complex risk and control topics clearly

Responsibilities

• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations
• Develop and maintain strong relationships with line of business technologists, assessment teams, and data officers to enable cross-functional collaboration and progress toward shared goals
• Execute reporting and governance for controls, policies, issue management, and measurements, providing senior management insight into control effectiveness to inform governance decisions
• Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance
• Perform control assessments, quality assurance reviews, issue closure testing, and oversight of remediation plans to validate sustained control performance
• Establish key risk indicators, key performance indicators, and key control indicators (for example, review cycle time, defect rate, control test pass rates) and service level agreements/objectives to improve resiliency, scalability, sustainability, and stability of control reviews
• Create traceability for catalog changes, including impact assessments, decisions, evidence, and audit-ready artifacts.

Benefits

• comprehensive health care coverage
• on-site health and wellness centers
• a retirement savings plan
• backup childcare
• tuition reimbursement
• mental health support
• financial coaching