Join our dynamic team to navigate complex risk landscapes and fortify technology governance, making a pivotal impact in our firm's robust risk strategy. As a Tech Risk and Controls Lead in Chief Technology Office (CTO) , you will contribute to the successful management of technology-aligned aspects of Governance, Risk and Compliance in line with the firm's standards. Leverage your board knowledge in risk management principles and practices to asses and monitor risks and implement effective controls. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm's risk posture. Through collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards. 

Responsibilities:

Build and cultivate a proactive risk management culture through partnership and collaboration with CTO risk, control and technology teams to deliver customer value and improve security posture of the firm.Accountable for risk & control governance in Product Lines to better manage, defend & drive the product lifecycleEnsure product line risks and control gaps are acknowledged, registered and correctly treated (risk assess and approve findings/treatments, breaks, uplift programs, CORE items)Oversight of process management, risk assessment structure for Technology Product Line Owns effective product line interactions with CTC Assurance, Audit, Compliance, and CCOROwns proactive product line control reviews & to develop/enhance increased risk telemetry for all risk management personasProvides line of sight of emerging technologies and view into how fit into current risk posture and control framework of CTOCoordinate and monitor issue management to ensure timely and sustainable remediation and provide thematic analysis to identify trendsProactively monitoring CORE Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gapsCollaborate with team members and stakeholders on firm-mandated, product line, horizontal, and regional audits

Preferred Experience: 

5 + years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment and migration.Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.Strong personal leadership, collaboration, bias for action and experience working within fast paced, complex and high performing Digital/Agile/Scaled Agile teamsStrong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement.Exceptional knowledge of the firm’s Operational Risk Systems of RecordPreferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)Preferable experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles.Preferable Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)

Preferred qualifications, capabilities, and skills

CISM, CRISC, CISSP, or other industry-recognized risk certification.