Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance.

The Technology Risk and Controls Lead will manage security risk and controls for corporate technology in partnership with the Business Information Security Officer for Corporate and the rest of the Cyber Security Corporate Tech leadership team. They will be engaged in projects and initiatives related to security and controls for Corporate Tech to drive down risk and enable Corporate Tech to achieve its business objectives. These will include investigating potential changes to the tools and process used by Corporate Tech to manage risks and control adherence, managing the backlog requests for reporting enhancements and coordinating with other Cyber Security and Technology Controls teams to address common challenges.

Job responsibilities

• Document and monitor operational risk and control environment to identify existing and emerging operational risk and issues
• Evaluate and document issues related to changes in the risk environment and operational risk priorities 
• Assess risks and drive actions for remediation activities
• Identify and aggregate thematic risks and trends
• Communicate heightened risk that is relevant to stakeholders and customers to ensure transparency and appropriate prioritization for remediation
• Identify technology risk impacting the business that is quantified, communicated, and managed, including recommendations for resolution, and identifying the root cause/key themes
• Partner with Third Party Oversight teams to ensure effective vendor risk management, with a focus on Cloud computing / emerging technologies
• Maintain an understanding of application team strategies, product roadmaps and key investment programs
• Apply working experience in multiple security or risk management domains (e.g., application security, vulnerability management, data protection, encryption, logging and monitoring, network security)
• Assess technology risks and businesses and products evolve to effectively identify and suggest remediation plans.

Required qualifications, capabilities and skills

• Experience in banking and financial services
• 10 years in Technology with experience in Operational Risk including Tech/Cyber Risk
• Experience in Technology and Cyber domains e.g. Software Development, Identity and Access Management, Vulnerability Management, etc.
• Ability to work with data from disparate sources to build a cohesive view on risk
• Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.

Preferred qualifications, capabilities and skills

• Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice/standards (e.g., ITIL, NIST, ISO, PCI, SOC)
• Collaboration with internal and external technology audits (3rd Line of Defense), CCOR Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts
• CISM, CRISC, CISSP, or other industry-recognized risk and risk certifications