Technology Risk & Controls Director

Job Description

Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance.

As a Tech Risk & Controls Director in Cybersecurity & Technology Controls, you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. Leveraging your advanced knowledge and expertise in technology-risk disciplines, you will identify, oversee, and mitigate compliance and operational risks in line with the firm's standards. You will collaborate with various stakeholders, including Product Owners, Business Control Managers, and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.

• Identifies and mitigates compliance and operational risks in line with the firm's standards
• Provides subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards
• Works within the Cyber Security Technology & Controls, Tech Risk & Controls Frameworks Team, in partnership with stakeholders from across Global Technology, you will lead the global programs to accurately represent and maintain the firm's complex technology operations within the Corporate Operational Risk Environment (CORE) system.
• Defines and implements the Risk Identification framework, and executing it with other Risk Identification partners to ensure identified technology risks are reflected into CORE, which provide the firm's risk management functions ability to report, monitor and mitigate emerging risks.
• Consults with technology owners in Product, Engineering and Operations to appropriately model their processes, sub-processes, risks and controls for assessment.
• Ensures technology risk and controls reference data (e.g., risk scenarios, policies, standards, procedures, etc.) is available and aligned for use in CORE, such that assessments are consistent and can be justifiably informed by the performance data gathered from the technology estate (i.e., metrics & measures).
• Consults with senior business control management to ensure technology assessments are aligned and inform business operational risk assessments in a meaningful, actionable manner.
• Collaborates closely with Operational Risk Management to ensure that technology risk and control taxonomies are optimized, and appropriately and effectively describing technology risk.
• Drives and leads change initiatives across the Firm's Risk Organization (both Technology and Business) to improve the understanding of technology risk.
• Innovates and provides analysis and thought leadership to drive improvement and enhancement to the Firms' Operational Risk framework, platform and improve the End-to-End Technology Risk Management lifecycle.
• Communicates effectively, influencing and stakeholder management are key aspects of this role, including with senior and executive management.

• Formal training or certification on technology risk & controls and information risk management fields (e.g., identification of technology risks & effective mitigants, technology risk & controls assessments, associated governance & reporting, etc.) concepts and expert applied experience. In addition, advanced experience leading technologists to manage, anticipate and solve complex technical items within your domain of expertise.
• Knowledge of compliance, conduct, and operational risk management frameworks and processes
• Experience in using common technology controls industry best practice (e.g., from NIST, ISO, ISACA, etc.) frameworks.
• Experience in identifying use cases and business logic for continuous controls monitoring and partnering with product and engineering teams to develop and implement.
• Good working knowledge of technology-relevant financial services regulation (e.g., FFIEC handbooks, etc.)
• Good working knowledge of common & current information technology implementations (additional weight given for familiarity with Public and Private Cloud Implementation)
• Inquisitive nature and comfort challenging current practices; proven track record of driving ideas forward and influencing.
• Adept at developing relationships with senior business executives; reputation for partnering across organization lines to mitigate risks.
• Excellent organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results. Use of work management platform such as JIRA to ensure operational discipline.
• Experience in identifying and using data from large data sets to support enterprise scale initiatives via analytics (such as AI/ML techniques, Alteryx, Tableau)
• Ability to collaborate with high-performing teams and diverse stakeholders to accomplish common goals, including experience working with geographically distributed and culturally diverse colleagues.