Tech Risk and Controls Lead Resiliency

The Tech Risk and Controls Lead will be a technically fluent advisor who owns the resiliency governance for all CTC applications and will partners with engineering teams to design validate and continuously improve recovery strategies and architectures. You will challenge technical decisions provide pragmatic guidance on AWS and distributed systems resiliency and ensure critical CTC business processes remain within impact tolerances during disruptions. This role blends strategic oversight with hands-on technical engagement in testing architecture reviews and data-driven insights.

Job Responsibilities:

• Own CTC technology resiliency governance and testing strategy; align with firm objectives.
• Govern business impact assessments recovery strategies plans and runbooks for critical applications; assure quality consistency and timely refresh. Define the annual test calendar (recovery strategy tests application failover MEPC/tabletop threat-informed scenarios) and curate evidence to exam-ready standards.
• Manage issues exceptions and risk acceptances; ensure durable closure and escalation of material risks. Lead resilience design reviews for critical services; challenge architecture decisions and document risk-based trade-offs (e.g. multi-AZ vs multi-region data consistency vs recovery speed). Advise on AWS resiliency patterns (RDS Multi-AZ/replicas DynamoDB global tables and PITR S3 versioning/replication/object lock Route 53 failover Auto Scaling) and distributed systems failure modes (timeouts retries backoff circuit breakers).
• Promote resilience-by-design concepts; verify pre-deployment recovery validation for critical applications. Partner with engineering to implement automated failover runbooks and operational playbooks; ensure exercises drive code/config/IaC remediation.
• Plan and oversee resiliency tests; leverage chaos engineering to validate hypotheses and control effectiveness while maintaining safe blast radius. Publish availability and recovery SLOs with owners; track RTO/RPO attainment and mean time to recover; drive continuous improvement using data.
• Deliver clear MI and reporting for senior leadership: test coverage SLO performance control effectiveness issue aging and trends.
• Build trusted relationships across Cybersecurity LOB Technology architecture risk/compliance audit and firmwide governance. Support crisis management events by coordinating communications decision logs regulatory notifications and post-incident reviews with actionable lessons learned.
  

Required Qualifications & Skills:

• Formal training or certification with 5 years in technology resiliency operational resilience or technology architecture in cloud-enabled environments; strong fluency with AWS resiliency constructs.
• Demonstrated ability to challenge and guide technical teams on resilient architectures and recovery strategies; comfort discussing trade-offs and failure modes.
• Experience planning and overseeing large-scale tests/exercises and translating findings into code/config/IaC remediation.
• Strong knowledge of distributed systems patterns (timeouts retries backoff circuit breakers) network architecture cyber risk and business continuity principles.
• Proficiency in data analysis and MI (Excel or similar) to derive insights on SLOs RTO/RPO and control effectiveness; ability to communicate risk-based recommendations to senior stakeholders.
• Familiarity with Infrastructure as Code (Terraform or AWS CloudFormation) and automation concepts to effectively assess and guide guardrails and recovery automation.
• Excellent communication stakeholder management and program leadership; proven ability to drive accountability across multiple teams.
  

Preferred Qualifications:

• Certifications such as AWS Solutions Architect CISSP CRISC CBCI.
• Experience with internal audit and regulatory examinations; ability to curate evidence packages and close commitments.
• Familiarity with chaos engineering programs and SRE concepts from a governance and advisory perspective.
• Exposure to JIRA and Confluence; familiarity with Alteryx Tableau or Qlik for dashboards and MI.
• Programming or SQL experience is a plus for metrics automation and evidence curation.