Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.

As a Tech Risk & Controls Lead in CyberSecurity & Technology Controls line of business, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firm's standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.

• Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations
• Develop and maintain robust relationships, becoming a trusted partner with LOB technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals
• Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work
• Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance
• Take the best of industry-leading technology control frameworks, such as ISACA COBIT, ISO 27000 and NIST SP800, developing them in to a library of Mutually Exclusive, Collectively Exhaustive control obligations
• Align and arrange individual obligations against the Financial Sector Profile, to derive a collection of discrete, actionable control groups, maintaining this extensive library within a custom-developed toolset based on the RSA Archer platform
• Transform the control definitions you develop in to a set of organization-specific Cybersecurity and Technology Control Standards, expressed as a series of SMART Control Objectives
• Prepare a corresponding set of Technology Control Procedures, the supporting documentation that provides viable implementations for each control objective, coupled with measurement instructions to enable independent assessment of control performance.
• Working in partnership with Technology Control Domains, refresh the library of Best Practices, Standards and Control Procedures on an annual basis
• Monitor regulatory developments and assess Legal Obligations impacting Global Technology.

• Experience or equivalent expertise in technology risk management, regulatory & controls experience, information security, or related field, emphasizing risk identification, assessment, and mitigation
• Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements
• Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives
• Possess a broad, foundational knowledge of cybersecurity and/or technology controls
• Have exemplary written communication skills, being able to demonstrate the ability to take complex technical concepts and express them with clarity and precision
• Be able to work independently, without close supervision, confident to take the lead on driving discrete work items to a successful conclusion
• Act as an advocate, able to compose and deliver presentations; to identify, capture and report key performance and key risk indicators and actively contribute to raising awareness of the program.

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred