Tech Risk & Controls Senior Associate

As a Tech Risk & Controls Senior Associate in Cybersecurity Products and Operations, you will play a critical role in managing technology-aligned aspects of Governance, Risk, and Compliance, in line with the firm's standards. Leverage your understanding of cybersecurity principles and experience with technical infrastructure to assess and monitor risks, and implement effective controls. Your expertise in risk identification, control evaluation, and security governance is crucial for advising on complex technical situations and enhancing the firm's risk posture. Through collaboration and technical analysis, you will contribute to the overall success of the Technology Risk & Controls team and ensure compliance with regulatory obligations and industry standards.

• Risk Identification and Management: Ensure technology risks are effectively identified, quantified, communicated, and managed, including providing recommendations for resolution and identifying root causes and key themes.
• Understand common cyber threats and vulnerabilities, provide advice on risk management strategies, and support the implementation of technical risk mitigation measures.
• Conduct Risk Assessments and Monitoring: Conduct assessments and support monitoring of technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices in cybersecurity.
• Proactively monitor Metrics and KRIs to identify non-compliance and assist in remediation with compensating controls to address security risk and control gaps.
• Drive a threat-driven approach to enable secure adoption of emerging technology and application development from the start.
• Support product, operations, and technology teams by identifying control weaknesses, recommending improved security measures, articulating business impacts, and educating on proactive remediation.
• Build and cultivate a security-focused culture through partnerships.

• Strong analytical skills to assess complex technical issues and develop effective solutions. Ability to think critically and make data-driven decisions.
• Demonstrated ability to analyze complex technical issues, develop and implement technical risk mitigation strategies.
• Excellent communication skills to articulate technical concepts to non-technical and senior stakeholders.
• Formal training or certification in technology risk management, and/or 3+ years of experience in information security or a related technical field, with a focus on risk identification, assessment, and mitigation.
• Experience in cybersecurity risk identification, assessment, and control evaluation, with a strong understanding of industry standards and technical architectures.
• Knowledge of cybersecurity risk management frameworks, regulations, and industry best practices.
• Understanding of cybersecurity frameworks and standards (e.g., NIST, CIS) to ensure compliance and enhance the organization's security posture.
• Knowledge of security concepts Vulnerability Management (CVE/NVD), cloud computing (AWS), EDR, SIEM, SOAR
• CRISC, CISSP, or other industry-recognized cybersecurity risk certifications.