Director IT Embedded Risk

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay And Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
  
  

The Impact You Will Have In This Role

An IT ERM Director has primary responsibility for supporting and conducting targeted IT risk assessments, managing the risk profile of aligned IT capabilities, analyze and remediate risk items (e.g., issues, policy deviations), and for proactively identifying gaps in processes and controls.

The incumbent will complete and support day-to-day IT risk management activities for the Architecture and Enterprise Services (AES) department, manage deadlines and collaborator expectations, and lead or participate in projects within assigned areas of responsibility.

In carrying these responsibilities, the incumbent must work collaboratively with the IT Risk Management team (including Management Control Testing and Center of Excellence functions), other risk & control functions (e.g., Internal Audit, Technology Risk Management), as well as with IT line management (1st line).

Your Primary Responsibilities

• Proactively lead and support efforts to identify, assess, and mitigate risk within the Architecture and Enterprise Services (AES) department
• Develop and strengthen relationships with IT partners and control evaluation functions across the 3 lines of defense
• Develop, communicate, and ensure alignment to department risk policies, procedures and standard methodologies
• Contribute to development of architectural standards and methodologies including for application, platform and service architecture
• Advise and periodically review inherent and residual risk assessments for supported IT capabilities for their impact on business and functional areas incorporating indicators of control environment strength (e.g., key metrics, issues)
• Contribute to reviews, and validate the accuracy of, risk assessments conducted by the second line of defense (New Initiatives, Third Party Risk, Compliance)
• Reassess existing processes and create new ones that most effectively anticipate, lead and reduce risk to DTCC and its participants
• Cultivate an environment of regulatory awareness and ensure regulatory compliance
• Demonstrate and embed the behaviors and proficiencies that build a risk management attitude in your organization
• Support ongoing staff education; mentor and develop team members on technical capabilities and risk management concepts
• Drive successful action plan and issue closures by assessing root causes of issues, defining appropriate action plans, and ensuring sustainability of implemented solutions
• Support reviews of initiative portfolio risks with initiative sponsors, key collaborators and the New Initiatives Office
• Lead review of risk incidents, corresponding root cause analysis and remediation plan development. Proactively identify issues and trends resulting from risk incidents
  
  

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications

• Minimum of 10 years of related experience
• Bachelor's degree preferred or equivalent experience
  
  

Talents Needed For Success

• 10 years’ experience as a senior risk and control professional, preferably within technical auditing/ examination and focus in financial services industry (or other highly supervised industry)
• Background in financial services information technology or Big 4 technical advisory services a plus
• Highly motivated, diligent, self-starter, who can set priorities, take initiative and work both independently and proactively in a diverse, multi-location team environment
• Excellent analytical and problem-solving including for data identification, analysis, measurement and reporting
• Excellent written and verbal communication skills; ability to tailor messaging to various levels of management including to risk committees
• Demonstrated ability to oversee and be responsible for an IT risk team that serves as a decision-making tool for management
• Strong planning and project management skills; ability to define, communicate and balance priorities across the team
• Knowledge of the security markets, post-trade processing and clearing and settlement infrastructure preferred
• Ability to lead technical, risk focused discussions with key collaborators to analyze vulnerabilities and deviations from standards (e.g., security requirements)
• Understanding and working knowledge of Middleware technologies including distributed messaging technologies (IBM MQ), API management (Apigee edge) and web & application servers (Apache Tomcat)
• Understanding and working knowledge of architectural concepts including: application, platform and security architecture; architectural governance (e.g., measurement of technology debt, architectural drift); and performance, resiliency, and operability principles
• Exposure to risk and control concepts including process mapping (flow diagrams), risk and control identification, control evaluation (design and operating effectiveness), and related reporting is a plus
  
  

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.