Technology Risk & Controls Lead

About The Position

Requirements

• 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation
• 10 + years of experience in Security and /or Risk Management and / or Corporate Technology with an aptitude in application and platform security
• Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.
• Strong personal leadership, collaboration, bias for action and experience working within fast paced, complex and high performing Digital/Agile/Scaled Agile teams
• Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement.
• Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements
• Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
• Exceptional knowledge of the firm’s Operational Risk Systems of Record
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives

Nice To Haves

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred
• Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
• Preferable Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
• Preferable experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles.

Responsibilities

• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations
• Build and cultivate a proactive risk management culture through partnership and collaboration with CTO risk, control and technology teams to deliver customer value and improve security posture of the firm.
• Develop and maintain robust relationships, becoming a trusted partner with LOB technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals
• Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work
• Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance
• Ensure technology risks and control gaps are fully assessed, acknowledged, registered and correctly treated (risk assess and approve findings/treatments, breaks, uplift programs, CORE items)
• Oversee of process management, risk assessment structure for CTO
• Owns effective product line interactions with CTC Assurance, Audit, Compliance, and CCOR
• Owns proactive product line control reviews & to develop/enhance increased risk telemetry for all risk management personas
• Provides line of sight of emerging technologies and view into how fit into current risk posture and control framework of CTO