What are the responsibilities and job description for the VP of Technology, Risk and Compliance position at RennerBrown?
Job Description: Technology Risk Professional
The Technology Risk function plays a pivotal role in ensuring the firm accurately identifies, measures, and mitigates technology-related risks while assessing the effectiveness of associated controls. We are looking for a highly skilled Technology Risk Professional to join our team and contribute to driving transformation by leveraging technology and enhancing processes.
Key Responsibilities:
- Oversee the full lifecycle of risk management, including risks, controls, and remediation efforts.
- Cultivate strong relationships with stakeholders across Technology, corporate, and business functions.
- Assist in the identification, assessment, management, and reporting of technology risks.
- Provide impact and criticality assessments to support informed risk decision-making, adhering to internal and external policies.
- Collaborate with Technology stakeholders to define and develop key risk indicators (KRIs) and key performance indicators (KPIs).
- Ensure compliance with risk frameworks, identifying areas for improvement or gaps.
Key Areas of Focus:
Risk Management & Framework Oversight:
- Support the Head of Information Security and Technology Risk in risk monitoring and control framework oversight.
- Manage and enhance risk and control frameworks to ensure alignment with industry standards such as ISO and NIST.
- Perform risk assessments, gap analyses, and evaluate the effectiveness of controls while recommending mitigation strategies.
- Balance risk management goals with business needs to ensure a pragmatic approach to technology risk.
Technology Risk Monitoring & Reporting:
- Lead risk monitoring activities and reporting, including developing risk metrics (KRIs and KPIs) and dashboards for effective communication.
- Chair weekly Technology Risk and Audit meetings to monitor progress, resolve issues, and ensure cross-team alignment.
Audit, Remediation & Compliance:
- Manage and track internal and external audit requests, ensuring responses are thorough and accurate.
- Partner with business units to address technology risks, provide recommendations, and develop solutions for audit findings.
Policy & Process Management:
- Continuously refine the firm’s policy framework by reviewing and updating policies, procedures, standards, and guidelines.
- Lead and manage annual entitlement reviews, collaborating with department heads to ensure accuracy and compliance.
Incident Response & Operational Risk:
- Lead the creation of Operational Risk Incident reports following security incidents, overseeing documentation during and after events.
- Work with stakeholders to identify root causes and develop strategies for effective risk mitigation.
Third-Party & Vendor Risk Management:
- Manage the technical third-party risk management process, including vendor assessments and ongoing monitoring.
- Ensure vendor and third-party relationships are compliant with the firm’s risk management and regulatory standards.
Qualifications: We are seeking highly motivated and results-driven professionals with a proven track record of excellence. Ideal candidates should possess the following:
- Bachelor’s degree in Computer Science, Engineering, Information Systems, Policy, or a related field (preferred).
- 5-7 years of experience in technology risk management.
- Deep knowledge of cyber risk frameworks (e.g., ISO 27001, NIST 800-53) and IT governance standards.
- Familiarity with regulatory requirements such as SOX and SOC 2 Type II reports.
- Experience with risk management platforms (e.g., RSAM or similar).
- Strong expertise in identity and access management, technology, cyber, and regulatory risks.
- Familiarity with data privacy regulations and compliance standards.
- Exceptional communication, technical writing, and presentation skills.
- Strong knowledge of compliance policies (finance background is a plus) and information security best practices.
Salary: $140,000 - $185,000