Technology Risk and Control Lead

About The Position

Requirements

• 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation.
• Familiarity with risk management frameworks, industry standards, and technology regulatory requirements.
• Proficient knowledge and expertise in resiliency, data security, risk assessment & reporting, controls evaluation, design, execution and governance, with a proven record of implementing effective risk mitigation strategies.
• Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support technology risk and controls workflows with strong validation habits and awareness of data sensitivity.
• Ability to review and validate AI-assisted risk summaries and recommendations before use, escalating when uncertain and ensuring outcomes align to security, auditability, and regulatory expectations.
• Demonstrated ability to influence management-level strategic decision-making and translating technology insights into business strategies for senior executive.

Nice To Haves

• CISM, CISA, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred.
• Experience with Microsoft suite (PowerPoint, Excel, Word).
• Experience with Atlassian (JIRA, Confluence).
• Experience an ex auditor within technology monitoring.
• Cybersecurity lead within remediation.
• Technology engineer who is risk focused and heavier on infrastructure/configuration domain.

Responsibilities

• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations.
• Lead and participate on technology audit engagements, from planning to reporting, and produce quality deliverables to both department and professional standards, while ensuring audits are completed timely and within budget.
• Finalize audit findings and use judgment to provide an overall opinion on the control environment by developing recommendations to strengthen internal controls.
• Uses enterprise-authorized AI capabilities within the work environment to accelerate synthesis of risk/control evidence and draft executive-ready reporting, validating outputs and handling data according to sensitivity and security requirements
• Engaging and supporting stakeholders across Global Technology, 2nd and 3rd lines of defense and our regulators.
• Develop and maintain periodic analytics to provide management with full insight into emerging trends and key risks.
• Communicate audit findings to management, and identify opportunities for improvement in the design and effectiveness of key controls.
• Promotes reuse-first, AI-assisted approaches to streamline recurring control testing and issue/action-plan management routines, ensuring human review and alignment to auditability and regulatory expectations.
• Develop and maintain robust relationships, becoming a trusted partner with technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals.
• Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance.