Tech Risk and Controls Lead

About The Position

Requirements

• Formal training or certification with 5+ years in technology resiliency, operational resilience, or technology architecture in cloud-enabled environments; strong fluency with AWS resiliency constructs.
• Demonstrated ability to challenge and guide technical teams on resilient architectures and recovery strategies; comfort discussing trade-offs and failure modes.
• Experience planning and overseeing large-scale tests/exercises and translating findings into code/config/IaC remediation.
• Strong knowledge of distributed systems patterns (timeouts, retries, backoff, circuit breakers), network architecture, cyber risk, and business continuity principles.
• Proficiency in data analysis and MI (Excel or similar) to derive insights on SLOs, RTO/RPO, and control effectiveness; ability to communicate risk-based recommendations to senior stakeholders.
• Familiarity with Infrastructure as Code (Terraform or AWS CloudFormation) and automation concepts to effectively assess and guide guardrails and recovery automation.
• Excellent communication, stakeholder management, and program leadership; proven ability to drive accountability across multiple teams.

Nice To Haves

• Certifications such as AWS Solutions Architect, CISSP, CRISC, CBCI.
• Experience with internal audit and regulatory examinations; ability to curate evidence packages and close commitments.
• Familiarity with chaos engineering programs and SRE concepts from a governance and advisory perspective.
• Exposure to JIRA and Confluence; familiarity with Alteryx, Tableau, or Qlik for dashboards and MI.
• Programming or SQL experience is a plus for metrics automation and evidence curation.

Responsibilities

• Own CTC technology resiliency governance and testing strategy; align with firm objectives.
• Govern business impact assessments, recovery strategies, plans, and runbooks for critical applications; assure quality, consistency, and timely refresh.
• Define the annual test calendar (recovery strategy tests, application failover, MEPC/tabletop, threat-informed scenarios) and curate evidence to exam-ready standards.
• Manage issues, exceptions, and risk acceptances; ensure durable closure and escalation of material risks.
• Lead resilience design reviews for critical services; challenge architecture decisions and document risk-based trade-offs (e.g., multi-AZ vs multi-region, data consistency vs recovery speed).
• Advise on AWS resiliency patterns (RDS Multi-AZ/replicas, DynamoDB global tables and PITR, S3 versioning/replication/object lock, Route 53 failover, Auto Scaling), and distributed systems failure modes (timeouts, retries, backoff, circuit breakers).
• Promote resilience-by-design concepts; verify pre-deployment recovery validation for critical applications.
• Partner with engineering to implement automated failover runbooks and operational playbooks; ensure exercises drive code/config/IaC remediation.
• Plan and oversee resiliency tests; leverage chaos engineering to validate hypotheses and control effectiveness while maintaining safe blast radius.
• Publish availability and recovery SLOs with owners; track RTO/RPO attainment and mean time to recover; drive continuous improvement using data.
• Deliver clear MI and reporting for senior leadership: test coverage, SLO performance, control effectiveness, issue aging, and trends.
• Build trusted relationships across Cybersecurity LOB, Technology, architecture, risk/compliance, audit, and firmwide governance.
• Support crisis management events by coordinating communications, decision logs, regulatory notifications, and post-incident reviews with actionable lessons learned.