Technology Risk and Control Lead

About The Position

Requirements

• 8+ years of experience in information security, technology risk, or IT controls, including use of frameworks such as National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ISO 27001, and COBIT, and mapping controls to regulatory standards such as Federal Financial Institutions Examination Council (FFIEC), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standard (PCI DSS).
• 8+ years of experience with governance, risk, and compliance (GRC), risk assessment, control testing, issue remediation, and vulnerability management tools and processes.
• 8+ years of experience with identity and access management, privileged access management, and access governance practices using tools such as SailPoint, Ping Identity, or equivalent platforms.
• 8+ years of experience with IT service management and collaboration tools such as ServiceNow, Jira, Confluence, or equivalent platforms supporting service level agreements, change management, backup, and resiliency processes.
• 8+ years of experience presenting risk findings, remediation status, and control priorities to business, technology, audit, and executive stakeholders.
• Bachelor's degree or higher in information security, cybersecurity, information systems, computer science, business, or a related field, or equivalent combination of education, related experience and/or military experience.

Nice To Haves

• Experience working in payments, financial technology, or large-scale merchants or acquiring environments.
• Experience coordinating with external auditors and regulators on technology and cybersecurity examinations.
• Familiarity with Lean Process Automation or Six Sigma principles applied to control remediation and process improvement.
• CISSP, CISM, CRISC, or equivalent information security or risk certification.

Responsibilities

• Develop and promote a security-first approach across the business unit by integrating technology and cybersecurity controls into planning, delivery, and operations.
• Maintain a detailed understanding of business processes, technologies, system architecture, data flows, third-party integrations, and customer touchpoints to inform risk prioritization and control design.
• Serve as a primary adviser to technology and business stakeholders on technology risk, cybersecurity risk, control effectiveness, and issue escalation.
• Partner with Legal, Compliance, Technology Risk, and Cybersecurity teams to implement and maintain policies, standards, and controls aligned to regulatory and audit requirements.
• Coordinate incident response, investigations, root cause analysis, corrective actions, and post-incident remediation with crisis management and security incident response partners.
• Identify control gaps and non-compliance issues through risk assessments, control reviews, and testing activities, then track remediation plans and report progress to stakeholders.
• Develop and maintain a technical risk roadmap in partnership with Technology Risk, Cybersecurity Engineering, and Operations, including oversight of service level agreements, resiliency processes, backup controls, and problem management.

Benefits

• annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards