Technical Risk Management - Corporate Risk Manager - Req# 536

COCC | Rocky Hill, CT
$125,000 - $150,000 | Hybrid

About The Position

As an industry-leading fintech provider, COCC delivers innovative, comprehensive technology solutions and strategic partnerships throughout the Northeastern United States. Listed among American Banker's FinTech 100 and the Inc. 5,000 fastest growing companies in the nation, COCC inspires the industry with innovation and top-quality support. Designated a Top Workplace in Connecticut and a nationally Certified Great Place to Work, COCC recognizes employees as the core of our success. Inspiring you to become extraordinary in work and life.

We’re looking for a Technical Risk Manager to help drive our technology risk program with a strong focus on leading and maturing our enterprise vulnerability management capability. In this role, you’ll identify, assess, monitor, and mitigate technology and cybersecurity risks, ensuring our environments operate within the organization’s risk appetite. You’ll work hands‑on with modern infrastructure, cloud platforms, and security technologies that power our financial services ecosystem. You’ll lead a highly collaborative security team that values expertise, innovation, and practical problem‑solving. This is a unique opportunity to shape a core security function, influence technology teams across the business, and make a meaningful impact on our overall security posture. This position reports directly to the Vice President of Security.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field (or equivalent experience).
  • 5–10+ years of experience in Information Security, Technology Risk, or Security Engineering within a complex environment, preferably in financial services.
  • 2–5+ years of management experience leading security teams.
  • Deep hands‑on expertise with vulnerability management tools and methodologies (e.g., Qualys, Tenable, Rapid7, cloud‑native scanning, SBOM analysis).
  • Strong understanding of modern infrastructure and platforms including Windows/Linux servers, networking, cloud environments (AWS, Azure, or GCP), and containerized workloads.
  • Practical knowledge of security fundamentals such as IAM, network segmentation, endpoint security, encryption, patching processes, and secure configuration.
  • Familiarity with risk assessment and control validation practices related to technical risk domains.
  • Experience with regulatory and industry frameworks such as NIST CSF, NIST 800‑53, CIS Controls, MITRE ATT&CK, or FFIEC cybersecurity guidance.
  • Ability to assess complex technical issues, determine risk impact, and communicate effectively with both technical and executive audiences.
  • Strong collaboration, communication, and leadership skills with the ability to influence stakeholders across the organization.
  • Applicants for employment in the US must have work authorization that does not currently or in the future require sponsorship of a visa for employment authorization in the United States.

Nice To Haves

  • Preferred (but not required) certifications: CISSP, CISM, CRISC, GSEC, GCCC, GSLC, Security+, and cloud security certifications (AWS/Azure/GCP).
  • Familiarity with CI/CD security controls and container compliance.
  • Scripting or automation capabilities in Python, Perl, or PowerShell; experience with Ansible, Terraform, or n8n is a plus.

Responsibilities

  • Lead a team of Risk Engineers responsible for identifying, assessing, monitoring, and mitigating technology and cybersecurity risks.
  • Lead and manage the enterprise Vulnerability Management Program, including strategy, tooling, operational processes, dashboards, and continuous improvement.
  • Own the full lifecycle of vulnerability intake, prioritization, assignment, remediation tracking, and risk‑based exception handling.
  • Partner closely with infrastructure, cloud, DevOps, and engineering teams to ensure timely and effective remediation of unacceptable risk.
  • Oversee scanning technologies (e.g., Qualys, Rapid7, Tenable, cloud‑native scanners) and maintain consistent coverage across servers, endpoints, networks, containers, and cloud workloads.
  • Provide technical risk advisory for new technologies, major system changes, and architectural decisions, with an emphasis on practical controls and risk reduction.
  • Assess technical controls—including IAM, network security, endpoint protection, cloud security, and encryption—to identify weaknesses or gaps.
  • Translate complex technical risks into clear, business‑focused explanations for leadership, committees, and technology stakeholders.
  • Participate in incident response and post‑incident reviews, contributing to root‑cause analysis and long‑term mitigation strategies.
  • Maintain strong alignment with GRC, Security Engineering, TPRM, and other cross‑functional teams to ensure cohesive enterprise risk management.
  • Monitor emerging threats and vulnerabilities relevant to financial institutions and recommend proactive defense measures.
  • Support risk acceptance processes through risk impact analyses and technical evaluation of compensating controls.
  • Perform internal reviews of infrastructure operations, coordinate external assessments, and ensure alignment with relevant frameworks and industry best practices.

Benefits

  • Hybrid schedules and generous paid time off to support flexibility and work/life balance
  • Customized training and onboarding to set you up for success in your first year
  • Robust employee development and formal career‑pathing programs
  • Cutting‑edge training and educational resources from providers like SANS, PluralSight, and CBT Nuggets
  • Competitive compensation, comprehensive benefits, and generous PTO offerings
  • On‑site fitness centers, wellness incentives, and lifestyle spending accounts
  • Tuition reimbursement for continued education
  • One‑on‑one career coaching and mentorship opportunities
  • DEIB initiatives that champion inclusion and encourage you to bring your authentic self to work
  • Financial planning assistance from certified professionals
  • Peer recognition programs celebrating contributions and achievements