What are the responsibilities and job description for the Tech Risk and Controls Director position at JPMorgan Chase?
Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance.
As a Tech Risk & Controls Director in Cybersecurity & Tech Controls, you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. Leveraging your advanced knowledge and expertise in technology-risk disciplines, you will identify, oversee, and mitigate compliance and operational risks in line with the firm's standards. You will collaborate with various stakeholders, including Product Owners, Business Control Managers, and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your ability to make calculated decisions, manage large teams, and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.
Job responsibilities
- Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm's technology risk management capabilities, in line with industry best practices and the firm's standards and regulatory requirements
- Identify and escalate emerging and upstream technology risk through execution of the Firm’s management framework tools, including risk event management, reporting, and action plan tracking, and provide expert counsel to stakeholders and constituents regarding their security obligations, facilitating acceptable outcomes
- Manage reporting and governance of overall controls, policies, issue management, and measurements, etc., providing insight to senior leaders into the effectiveness of controls and informing governance work
- Create a proactive risk and control culture with respect to resiliency planning and management. Offer guidance, best practices, and support across businesses to drive awareness and understanding of the business risk and controls framework and challenges to compliance with policy.
- Work closely with various partners across the firm, including but not limited to colleagues in Enterprise Technology, Firmwide Resiliency, Controls Managers, Business Information Security Officers, Technologists, Operational Risk Management & Compliance, Audit, as well as regional partners across the globe.
- Manage end-to-end execution of the business resiliency framework for Enterprise Technology in ERMA, including relevant testing, regional assessments and reporting to control forums.
- Act as the SME on the business resiliency framework for ET and identify areas where processes can be optimized for better outcomes.
- Devise and implement new processes to ensure BR Plans are well communicated to all ET staff and understood for their respective locations.
- Engage with Technology leaders to understand the business structure and assess business strategies and processes.
- Further develop the premise of Technology as its own business, working with FRO and Technology to implement robust and effective Technology Essential Services (TES)
Required qualifications, capabilities, and skills
- 7 years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on managing risk identification, assessment, and mitigation
- Demonstrated expertise in risk management frameworks, industry standards, and regulatory requirements relevant to the financial industry
- Proven ability to lead large teams, manage cross-functional projects, influence executive-level strategic decision-making, and effectively translate technology insights to business strategy in communications with senior executives
- Advanced knowledge and experience leading data security, risk assessment & reporting, and control evaluation, design, and governance, with a track record of implementing effective risk mitigation strategies
- Substantial financial services experience in controls, resiliency management, audit, quality assurance, risk management, or compliance, with the ability to design, create, and evaluate the operational risk and control environment in conjunction with business partners.
- Strong people management and ability to establish a team with a good and effective culture.
- Flexible and adaptable to shifting priorities; manages competing priorities to achieve the most effective result and is able to work in a fast-paced, results-focused environment.
- Ability to understand a process and associated risk to inform resiliency management considerations.
- Implementation skills including writing action plans and procedures, change management and the ability to make subjective and informed decisions based upon output, influence stakeholders and justify decision making
- Ability to assess risk from multiple perspectives (Legal/Regulatory/Operational/Client & Reputational) and then have meaningful business conversations, grounded in materiality and practical application
- Excellent change management, decision making, problem solving, continuous improvement, executive communication, and teamwork skills
Preferred qualifications, capabilities, and skills
- CISM, CRISC, CISSP, or similar industry-recognized risk certifications are preferred.