Tech Risk & Controls professionals play a critical role in the identification, assessment, oversight, monitoring, and reporting of compliance and operational risk in line with the firm’s standards. They are accountable for supporting and advising technology aligned process owners in managing operational aspects of governance, risk, and compliance. Tech Risk & Controls is also responsible for the design, implementation, and maintenance of controls and risk management frameworks, and they partner with Product Security to ensure designed and implemented controls are operating in alignment with firm, regulatory, legal, and industry standards as required. Tech Risk & Controls also partners with a variety of stakeholders, including Product Managers (both business and technology aligned), Business Control Managers, 2nd Line of Defense (2LOD), Audit, Compliance, and regulators to develop and report a comprehensive view of the technology risk posture and the impact on the business.
Job Responsibilities
- Implement and, where needed, establish governance processes to reduce risk from failed internal processes, inadequate identification of risks, inadequate controls, and emerging risk
- Identify and aggregate thematic risks and trends
- Establish and oversee adherence to policies and standards impacting technology and cyber risks
- Identify technology risk impacting the business so that it is quantified, communicated, and managed, including recommendations for resolution and identification of the root cause/key themes
- Partner with Third Party Oversight teams to ensure effective vendor risk management, with a focus on Cloud computing / emerging technologies
- Maintain an understanding of Product teams' strategies, product roadmaps, and key investment programs
- Apply working experience in multiple security or risk management domains (e.g., application security, vulnerability management, data protection, encryption, logging and monitoring, network security)
- Assess technology risks as businesses and products evolve to effectively identify and suggest remediation plans
Required qualifications, capabilities and skills:
- Formal training or certification on software engineering concepts and 5+ years of applied experience
- Experience in banking and financial services
- 7+ years in Technology with strong experience in Operational Risk including Tech/Cyber Risk
- Strong experience in various Technology and Cyber domains, e.g., Architecture, Vulnerability Management, Cloud, etc.
- Ability to work with data from disparate sources to build a cohesive view on risk
Preferred qualifications, capabilities and skills:
- Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practice/standards (e.g., NIST, CSF, PCI, and SOC)
- Collaboration with internal and external technology audits (3rd Line of Defense), CCOR Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts
- Experience in API Development or API Gateways a plus