Director IT Embedded Risk

Job Description

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

• Enhance proactive identification of Risk issues
• Develop and strengthen relationships with IT partners and control evaluation functions across the 3 lines of defense
• Develop, communicate, and ensure alignment to department risk policies, procedures and standard methodologies
• Advise and periodically review inherent and residual risk assessments for supported IT capabilities for their impact on business and functional areas incorporating indicators of control environment strength (e.g., key metrics, issues)
• Contribute to reviews, and validate the accuracy of, risk assessments conducted by the second line of defense (New Initiatives, Third Party Risk, Compliance)
• Reassess existing processes and create new ones that most effectively anticipate, lead and reduce risk to DTCC and its participants
• Cultivate an environment of regulatory awareness and ensure regulatory compliance
• Demonstrate and embed the behaviors and proficiencies that build a risk management attitude in your organization
• Support ongoing staff education; mentor and develop team members on technical capabilities and risk management concepts
• Drive successful action plan and issue closures by assessing root causes of issues, defining appropriate action plans, and ensuring sustainability of implemented solutions
• Support reviews of initiative portfolio risks with initiative sponsors, key collaborators and the New Initiatives Office
• Lead review of risk incidents, corresponding root cause analysis and remediation plan development. Proactively identify issues and trends resulting from risk incidents

• Minimum of 10 years of related experience
• Bachelor's degree preferred or equivalent experience

• 10+ years' experience as a senior risk and control professional, preferably within technical auditing/ examination and focus in financial services industry (or other highly supervised industry)
• Background in financial services information technology or Big 4 technical advisory services a plus
• Cybersecurity and Cloud security experience highly desirable
• Knowledge about AI Governance and usage of AI for IT Risk would be advantageous.
• Highly motivated, diligent, self-starter, who can set priorities, take initiative and work both independently and proactively in a diverse, multi-location team environment
• Excellent analytical and problem-solving including for data identification, analysis, measurement and reporting
• Excellent written and verbal communication skills; ability to tailor messaging to various levels of management including to risk committees
• Demonstrated ability to oversee and be responsible for an IT risk team that serves as a decision-making tool for management
• Strong planning and project management skills; ability to define, communicate and balance priorities across the team
• Knowledge of the security markets, post-trade processing and clearing and settlement infrastructure preferred
• Ability to lead technical, risk focused discussions with key collaborators to analyze vulnerabilities and deviations from standards (e.g., security requirements)
• Understanding and working knowledge of Middleware technologies including distributed messaging technologies (IBM MQ), API management (Apigee edge) and web & application servers (Apache Tomcat)
• Understanding and working knowledge of architectural concepts including: application, platform and security architecture; architectural governance (e.g., measurement of technology debt, architectural drift); and performance, resiliency, and operability principles
• Exposure to risk and control concepts including process mapping (flow diagrams), risk and control identification, control evaluation (design and operating effectiveness), and related reporting is a plus