Technology Risk and Controls Lead

Join our GRC Frameworks and Taxonomy Team as Vice President Tech Risk & Controls Transformation this senior role you will be instrumental in defining cultivating and embedding what good looks like for technology risk and controls across the organization. You will set and uphold the big rules and standards for risk management leveraging your extensive experience and exposure to best practices to guide the uplift and transformation of controls. This role requires deep expertise in designing frameworks engaging diverse stakeholders and driving continuous improvement in risk management practices.

Key Responsibilities

Define and Cultivate Best Practices: Establish and promote a clear vision of what good looks like for technology risk and controls setting the big rules and standards that guide the organizations approach.

Frameworks and Taxonomy Leadership: Design implement and continuously enhance risk management frameworks and taxonomies ensuring clarity consistency and alignment with regulatory legal and industry standards (e.g. NIST ISO 27000 COBIT).

Controls Uplift & Transformation: Lead and execute cross-functional initiatives to uplift and transform technology controls ensuring they are robust effective and future-ready.

Stakeholder Engagement: Partner with product engineering business and control teams to embed best practices facilitate collaboration and drive adoption of frameworks and standards.

Governance and Reporting: Oversee governance reporting and issue management for controls and frameworks providing senior management with actionable insights into risk posture and control effectiveness.

Continuous Improvement: Foster a culture of operational excellence and innovation driving ongoing enhancement of risk management practices and frameworks.

Communication and Influence: Effectively communicate the vision standards and program status to senior stakeholders translating technical concepts into business impacts and ensuring buy-in across all levels.

Job Responsibilities

• Lead and execute complex cross-functional GRC programs and initiatives ensuring they achieve strategic outcomes and align with business objectives
• Communicate program status execution risks/issues and key decisions to senior stakeholders maintaining transparency and fostering informed decision-making
• Identify manage and mitigate delivery risks proactively addressing potential roadblocks and implementing contingency plans to maintain program momentum
• Partner with key stakeholders to iterate on design implement and continuously operate and enhance technology risk and control frameworks ensuring they meet industry standards and regulatory requirements
• Promote a culture of high performance operational excellence and innovation within the GRC team driving continuous improvement in risk management practices

Required Qualifications Capabilities and Skills

• Deep understanding of end-to-end GRC and Technology Risk ecosystem and lifecycle
• Experience in Technology Operations or Service Management specifically service transition incident management and problem management
• Experience in technical program management cybersecurity and technology controls roles
• Experience in 3LoD as Technology Auditor. Professional qualifications of CISA CRISC CISM CIA are most welcome
• Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner
• Competent user of service management tooling in particular ServiceNow
• Strong verbal and written communication skills to translate technical risks into business impacts and engage with stakeholders at all levels
• Strong analytical skills to dissect complex challenges conduct thorough root cause analysis and develop effective solutions
• Proven ability to apply critical thinking and structured problem-solving techniques to address issues and drive continuous improvement in risk management practices

Preferred Qualifications Capabilities and Skills:

• Experience in designing implementing and operating industry-standard frameworks such as COBIT ITIL NIST

• Experience working in 1LoD Technology Risk and Control function. We welcome candidates with experience from medium-sized firms who can demonstrate

• Deep understanding on the operability of framework requirements across Technology and Cyber operations