Cyber Security Risk Treatment Senior Associate

Job Description

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

Cyber Security Risk Office (CSRO) is responsible for setting strategic direction in the areas of cybersecurity. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the Cyber Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity. Risk Treatment is responsible for the oversight, management, facilitation and reporting of the Risk Treatment (Policy Deviation and Risk Acceptance) for Technology and Information Security related risks. Responsible for identifying, managing, measuring, and mitigating a spectrum of technology and security related risks in existing and new products, activities, processes, and systems. Accountable for providing advanced technical, analytical and management skills to CSRO.

Your Primary Responsibilities:

• Manage day-to-day intake, tracking, and progression of Policy Deviation (PD) and Risk Acceptance (RA) submissions through their full lifecycle, including renewals, extensions, and closure validation.
• Perform initial completeness and quality checks on PD and RA submissions to confirm alignment with documented procedures, required artifacts, and governance standards prior to second-line review.
• Maintain accurate status tracking for all open items, including aging, upcoming expirations, and SLA adherence, escalating concerns to program leadership as needed.
• Support risk treatment and policy deviation governance forums (e.g., CRTL forums, leadership reviews) through agenda coordination, materials preparation, and action item tracking.
• Document decisions, approvals, and conditions to ensure traceability, transparency, and defensible governance outcomes.
• Produce and maintain risk treatment and policy deviation metrics, including lifecycle performance, aging trends, renewals, and items approaching or exceeding tolerance thresholds.
• Support risk tolerance updates to enterprise metric repositories (e.g., IBM BPM or successor platforms) and validate data accuracy and consistency.
• Prepare standard and ad-hoc reporting materials for senior management, governance committees, and audit or regulatory inquiries.
• Maintain PD and RA procedures, job aids, templates, and governance documentation, including publication and upkeep in Navex or successor systems.
• Ensure documentation, evidence, and decision records meet internal audit, regulatory, and examination standards.
• Act as an operational point of contact for first line teams submitting PD and RA requests, providing guidance on process expectations, timelines, and documentation requirements.
• Partner with Cyber Security Risk Office stakeholders to ensure consistent application of risk treatment standards and governance practices.
• Identify recurring issues, thematic trends, or control gaps emerging from PD and RA activity and escalate insights to program leadership for credible challenge and prioritization.
• Support program initiatives such as tooling enhancements (e.g., RAPD migration to SmartSuite), lifecycle standardization, and reporting enablement.

NOTE: The Primary Responsibilities of this role are not limited to the details above.

Qualifications:

• Bachelor's degree preferred or equivalent experience
• Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.

Talents Needed for Success:

• Strong organizational, analytical, and documentation skills with high attention to detail.
• Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
• Experience with GRC tools, data visualization tools, data warehouse (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation .

About Us

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at www.dtcc.com or connect with us on LinkedIn , X , YouTube , Facebook and Instagram .

DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

Learn more about Clearance and Settlement by clicking here .

About the Team

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

Client-provided location(s): Coppell, TX

Job ID: DTCC-212906

Employment Type: FULL_TIME

Posted: 2026-03-18T00:03:39