IT Risk Management, Tech & Ops, Associate

About this role

About the Role

Join BlackRocks Cyber Diligence team as an Associate IT Risk Management where youll serve as a trusted advisor and technical risk evaluator for the this role youll partner with stakeholders across business and technology to assess information security risks guide decision-making and recommend effective mitigation strategies. Youll combine technical acumen with consultative skills to help shape the organizations risk posture.

Key Responsibilities

• Lead the evaluation of information security risks for new technology initiatives changes and high-risk requests acting as the central point of coordination for risk analysis and mitigation.

• Provide consultative advice to business and technology teams enabling informed risk management decisions and supporting risk acceptance or denial recommendations.

• Conduct technical risk assessments and hands-on security reviews of applications infrastructure and cloud environments leveraging industry-standard tools and frameworks.

• Conduct vulnerability scanning threat modeling and security architecture reviews using industry-standard tools.

• Analyze and interpret vulnerability scan results penetration test findings and security logs; provide actionable recommendations for remediation.

• Collaborate with engineering operations and business teams to identify assess and remediate security risks ensuring solutions are practical and aligned with business needs.

• Develop and recommend actionable mitigation strategies for identified risks balancing technical requirements with business objectives.

• Communicate complex technical and risk issues to diverse audiences in a clear authoritative and actionable manner.

• Support the documentation and continuous improvement of information security policies standards and processes.

• Assist with pre-M&A information security reviews and due diligence.

• Maintain strong working relationships with stakeholders across the organization fostering a culture of risk awareness and proactive security.

• Participate in the governance and recertification of high-risk security requests ensuring compliance with audit requirements.

Required Qualifications

• 4 years of experience in information security with at least 2 years in a risk advisory or technical risk analysis role.

• Demonstrated ability to lead and coordinate complex risk evaluations including risk acceptance and mitigation planning.

• Experience with technical risk assessment tools and methodologies (e.g. vulnerability scanning threat modeling security architecture review).

• Strong consultative and advisory skills with the ability to influence and guide stakeholders toward effective risk management decisions.

• Excellent communication skills with the ability to translate technical findings into business-relevant recommendations.

• Familiarity with information security management frameworks (e.g. NIST 800-53 ISO 27001 CIS Controls).

• Bachelors degree in Computer Science Information Security or a related field.

• Relevant certifications (CISSP CISM CISA or similar) are preferred.

Preferred Skills

• Experience with cloud platforms (AWS Azure GCP) and cloud security controls.

• Knowledge of secure software development practices and DevSecOps principles.

• Ability to perform technical deep-dives and root cause analysis of security issues.

• Strong prioritization and project management skills.

• Ability to work effectively in a global distributed team environment.

Who You Are

You are a strategic thinker with a strong technical foundation able to translate complex security risks into actionable business decisions. You thrive in collaborative environments and enjoy serving as a trusted advisor to both technical and non-technical stakeholders.

Our benefits

To help you stay energized engaged and inspired we offer a wide range of benefits including a strong retirement plan tuition reimbursement comprehensive healthcare support for working parents and Flexible Time Off (FTO) so you can relax recharge and be there for the people you care about.

Our hybrid work model

BlackRocks hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person aligned with our commitment to performance and innovation. As a new joiner you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.

About BlackRock

At BlackRock we are all connected by one mission: to help more and more people experience financial well-being. Our clients and the people they serve are saving for retirement paying for their childrens educations buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.

This mission would not be possible without our smartest investment the one we make in our employees. Its why were dedicated to creating an environment where our colleagues feel welcomed valued and supported with networks benefits and development opportunities to help them thrive.

For additional information on BlackRock please visit @blackrock Twitter: @blackrock LinkedIn: is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age disability family status gender identity race religion sex sexual orientation and other protected attributes at law.