Tech Risk and Controls Lead - Risk Assessment Strategy & Transformation Lead

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management. 

As a Tech Risk & Controls Lead in Cybersecurity and Technology Controls, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firm's standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.

We are seeking a strategic and transformational leader to join our Regulatory and Industry Risk Assessment team. This role will drive business strategy, organization transformation, and oversee program execution to ensure compliance with regulatory and industry standards such as SOX, PCI, SOC, and others. The successful candidate will lead strategic initiatives that enhance efficiency, scalability, and effectiveness across risk management practices, regulatory assessments, and control functions.

 Job responsibilities

• Provide Strategic Leadership and Risk Management by working with the Head of Regulatory and Industry Risk Assessment and leadership team to develop and implement business strategies aligned with regulatory and industry compliance frameworks (GLBA, SOX, PCI, SOC, FSP). Lead cross-functional teams to define key business objectives and prioritize initiatives for the risk assessment function. Design and execute transformation roadmaps, with a focus on increasing the maturity of all current and future risk assessment processes and procedures. 
• Drive Organizational Transformation and Change Management by leading change management efforts, including the redesign of processes, technology, and organizational structure to improve delivery and reduce complexity. Partner with senior stakeholders to assess current state operations, identify gaps, and recommend solutions to optimize regulatory risk assessments. Drive the culture of innovation and operational excellence in alignment with the organization’s broader risk strategy and transformation goals. 
• Deliver Program Management by overseeing the execution of regulatory and industry risk assessments, ensuring delivery within scope, on time, and in compliance with internal and external audit standards. Manage programs that support the firm’s global technology compliance, including managing teams to deliver audit-ready reports for regulators and industry bodies. Lead process standardization and automation initiatives to enhance reporting, reduce manual processes, and ensure sustainable compliance operations. Champion continuous improvement by leading process standardization and automation initiatives, incorporating best practices and emerging technologies. 
• Engage Stakeholders by fostering relationships with key participants across the organization, including technology, finance, and risk teams. Act as a trusted advisor to senior leadership on matters related to risk assessments, compliance, and business strategy. Collaborate with internal audit teams, external auditors, and regulatory bodies to ensure alignment with compliance expectations and timely delivery of audit requirements. 
• Be a Leader & Develop the team by ensuring they are informed of changing regulations, industry trends, and best practices in risk assessment and control. Build and manage a high-performing team, focused on delivering strategic regulatory and risk programs. Mentor and coach colleagues and team members, fostering professional development and creating a culture of collaboration and continuous improvement. 

Required qualifications, capabilities, and skills

• 5 years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation
• Experience in business strategy, organizational transformation, risk management, or regulatory compliance within a financial institution or regulated industry.
• Strong understanding of regulatory frameworks such as GLBA, SOX, PCI DSS, SOC1/2, and other financial industry regulatory requirements
• Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
• Experience with governance, risk, and compliance (GRC) tools, automation solutions, and data-driven decision-making.
• Demonstrated success in managing large-scale programs, with a focus on strategic alignment, process improvement, and operational excellence. 
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives

Preferred qualifications, capabilities, and skills

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are prefer
• PMP or similar industry-recognized certification