Description
Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance.
As a Tech Risk & Controls Director in Cybersecurity & Tech Controls, you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. Leveraging your advanced knowledge and expertise in technology risk disciplines, you will identify, oversee and mitigate compliance and operational risks in line with the firm's standards. You will collaborate with various stakeholders, including Product Owners, Business Control Managers and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your ability to make calculated decisions, manage large teams and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.
Job responsibilities
- Develop and implement technology risk management strategies, policies and processes to identify, assess and mitigate risks, and drive strategic projects and initiatives to enhance the firm's technology risk management capabilities in line with industry best practices and the firm's standards and regulatory requirements
- Identify and escalate emerging and upstream technology risk through the Firm's management framework tools, including risk event management, reporting and action plan tracking, and provide expert counsel to stakeholders and constituents regarding their security obligations, facilitating acceptable outcomes
- Manage reporting and governance of overall controls, policies, issue management, measurements, etc., providing insight to senior leaders into the effectiveness of controls and informing governance work
- Create a proactive risk and control culture with respect to resiliency planning and management. Offer guidance, best practices and support across businesses to drive awareness and understanding of the business risk and controls framework and challenges to compliance with policy.
- Work closely with various partners across the firm, including but not limited to colleagues in Enterprise Technology, Firmwide Resiliency, Controls Managers, Business Information Security Officers, Technologists, Operational Risk Management & Compliance, Audit, as well as regional partners across the globe.
- Manage the end-to-end business resiliency framework for Enterprise Technology in ERMA, including relevant testing, regional assessments and reporting to control forums.
- Act as the SME on the business resiliency framework for ET and identify areas where processes can be optimized for better outcomes.
- Devise and implement new processes to ensure BR Plans are well communicated to all ET staff and understood for their respective locations.
- Engage with Technology leaders to understand the business structure and assess business strategies and processes.
- Further develop the premise of Technology as its own business, working with FRO and Technology to implement robust and effective Technology Essential Services (TES)
Required qualifications, capabilities and skills
- 7 years of experience or equivalent expertise in technology risk management, information security or a related field, with a focus on managing risk identification, assessment and mitigation
- Demonstrated expertise in risk management frameworks, industry standards and regulatory requirements relevant to the financial industry
- Proven ability to lead large teams, manage cross-functional projects, influence executive-level strategic decision-making and effectively translate technology insights to business strategy in communications with senior executives
- Advanced knowledge and experience leading data security, risk assessment & reporting, and control evaluation, design and governance, with a track record of implementing effective risk mitigation strategies
- Substantial financial services experience in either controls, resiliency management, audit, quality assurance, risk management or compliance, with the ability to design, create and evaluate the operational risk and control environment in conjunction with business partners.
- Strong people management and ability to establish a team with a good and effective culture.
- Flexible and adaptable to shifting priorities; manages competing priorities to achieve the most effective result and is able to work in a fast-paced, results-focused environment.
- Ability to understand a process and associated risk to inform resiliency management considerations.
- Implementation skills, including writing action plans and procedures, change management, and the ability to make subjective and informed decisions based upon output, influence stakeholders and justify decision making
- Ability to assess risk from multiple perspectives (Legal/Regulatory/Operational/Client & Reputational) and then have meaningful business conversations grounded in materiality and practical application
- Excellent change management, decision making, problem solving, continuous improvement, executive communication and teamwork skills
Preferred qualifications, capabilities and skills
- CISM, CRISC, CISSP or similar industry-recognized risk and risk certifications are preferred.
Required Experience:
Director