Cyber Security Risk Governance Senior Associate

Job Description

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

Cyber Security Risk Office (CSRO) is responsible for setting strategic directions in the areas of cybersecurity. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the Cyber Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity. The Cyber Security Risk Governance Senior Associate role supports the execution and coordination of the enterprise cybersecurity risk framework, including governance processes, policy and standards management, risk taxonomy maintenance, and reporting activities. The individual helps ensure second-line governance practices are consistent, well-documented, and aligned to regulatory, audit, and enterprise risk management expectations.

Your Primary Responsibilities:

• Support the maintenance and alignment of cyber risk governance frameworks to enterprise and industry models (e.g., CRI, DTCC Corporate Risk Management Policy), including documenting governance processes for risk oversight, aggregation, and reporting.
• Support the mapping of policies to control standards, cyber risks, and KRIs to help maintain traceability across governance, reporting, and risk treatment activities.
• Assist in the development, maintenance, and periodic refresh of Cyber Security Risk Appetite and Risk Tolerance materials, including support for metric updates, documentation, and review coordination.
• Support the development, maintenance, and publication of cybersecurity policies and control standards within SmartSuite or other designated governance platforms.
• Maintain cyber risk taxonomy, top risk, and enterprise risk classification documentation, including support for updates, change tracking, and version control.
• Support top cyber risk identification and prioritization activities by coordinating inputs, maintaining supporting documentation, and preparing materials for annual assessments and review discussions.
• Coordinate credible challenge activities for top cyber risks by organizing stakeholder feedback, documenting outcomes, and tracking follow-up actions.
• Support Cyber Risk Institute (CRI) maturity and controls assessments through evidence gathering, coordination with stakeholders, and tracking of assessment outputs.
• Prepare and maintain governance committee reporting templates, recurring materials, and status updates to support consistent and comparable cyber risk reporting.
• Support the development of reporting content for senior management and governance forums, including cyber risk posture summaries, trends, and emerging themes.
• Coordinate with CSRO, GCRO, ORM, IT, and other stakeholders to help ensure consistent interpretation and application of cyber risk governance standards.
• Support alignment to applicable regulatory and industry cyber risk management expectations (e.g., NIST CSF, CRI Profile, or equivalent) through documentation, evidence preparation, and control mapping support.
• Partner across the Cyber Security Risk Office and first-line teams to support integrated governance, treatment, risk analytics, and reporting activities.
• Maintain traceability and auditability of governance outputs by organizing documentation, evidence, approvals, and decision records in line with internal audit and regulatory expectations.

NOTE: The Primary Responsibilities of this role are not limited to the details above.

Qualifications:

• Bachelor's degree preferred or equivalent experience.
• Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.

Talents Needed for Success:

• Strong organizational, analytical, and documentation skills with high attention to detail.
• Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
• Experience with GRC tools, data visualization tools, data warehouse (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation .

About Us

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at www.dtcc.com or connect with us on LinkedIn , X , YouTube , Facebook and Instagram .

DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

Learn more about Clearance and Settlement by clicking here .

About the Team

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.

Client-provided location(s): Coppell, TX

Job ID: DTCC-213940

Employment Type: FULL_TIME

Posted: 2026-06-22T20:56:26