Technology Risk and Controls Lead

Join our GRC Frameworks and Taxonomy Team as Vice President, Tech Risk & Controls Transformation Lead. In this senior role, you will be instrumental in defining, cultivating, and embedding "what good looks like" for technology risk and controls across the organization. You will set and uphold the big rules and standards for risk management, leveraging your extensive experience and exposure to best practices to guide the uplift and transformation of controls. This role requires deep expertise in designing frameworks, engaging diverse stakeholders, and driving continuous improvement in risk management practices.

Key Responsibilities

Define and Cultivate Best Practices: Establish and promote a clear vision of "what good looks like" for technology risk and controls, setting the big rules and standards that guide the organization's approach.

Frameworks and Taxonomy Leadership: Design, implement, and continuously enhance risk management frameworks and taxonomies, ensuring clarity, consistency, and alignment with regulatory, legal, and industry standards (e.g., NIST, ISO 27000, COBIT).

Controls Uplift & Transformation: Lead and execute cross-functional initiatives to uplift and transform technology controls, ensuring they are robust, effective, and future-ready.

Stakeholder Engagement: Partner with product, engineering, business, and control teams to embed best practices, facilitate collaboration, and drive adoption of frameworks and standards.

Governance and Reporting: Oversee governance, reporting, and issue management for controls and frameworks, providing senior management with actionable insights into risk posture and control effectiveness.

Continuous Improvement: Foster a culture of operational excellence and innovation, driving ongoing enhancement of risk management practices and frameworks.

Communication and Influence: Effectively communicate the vision, standards, and program status to senior stakeholders, translating technical concepts into business impacts and ensuring buy-in across all levels.

Job Responsibilities

• Lead and execute complex, cross-functional GRC programs and initiatives, ensuring they achieve strategic outcomes and align with business objectives
• Communicate program status, execution risks/issues, and key decisions to senior stakeholders, maintaining transparency and fostering informed decision-making
• Identify, manage, and mitigate delivery risks, proactively addressing potential roadblocks and implementing contingency plans to maintain program momentum
• Partner with key stakeholders to iterate on design, implement, and continuously operate and enhance technology risk and control frameworks, ensuring they meet industry standards and regulatory requirements
• Promote a culture of high performance, operational excellence, and innovation within the GRC team, driving continuous improvement in risk management practices

• Deep understanding of end-to-end GRC and Technology Risk ecosystem and lifecycle
• Experience in Technology Operations or Service Management, specifically service transition, incident management and problem management
• Experience in technical program management, cybersecurity, and technology controls roles
• Experience in 3LoD as Technology Auditor. Professional qualifications of CISA, CRISC, CISM, CIA are most welcome
• Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner
• Competent user of service management tooling, in particular ServiceNow
• Strong verbal and written communication skills to translate technical risks into business impacts and engage with stakeholders at all levels
• Strong analytical skills to dissect complex challenges, conduct thorough root cause analysis, and develop effective solutions
• Proven ability to apply critical thinking and structured problem-solving techniques to address issues and drive continuous improvement in risk management practices

• Experience in designing, implementing, and operating industry-standard frameworks such as COBIT, ITIL, NIST
• Experience working in 1LoD Technology Risk and Control function. We welcome candidates with experience from medium-sized firms who can demonstrate
• Deep understanding on the operability of framework requirements across Technology and Cyber operations