Technology Risk and Controls Lead Portfolio of Applications

As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO (Business Information Security Officer) organization you will serve as the trusted risk advisor for a portfolio of applications supporting Corporate this role you will provide subject matter expertise and technical guidance throughout the entire risk lifecycle including the identification of risks offering remediation guidance risk registration and risk reporting to key stakeholders such as Application Owners CTOs Chief Data Officers and Business Control Managers. You will be accountable for assessing and reporting a comprehensive view of the technology risk posture and its impact on the business. Your advanced knowledge of risk management principles practices and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. This position requires strong communication and stakeholder management skills as well as the ability to influence and guide risk decisions at both strategic and operational levels.

Job Responsibilities:

• Serve as the primary risk advisor for a portfolio of applications supporting Corporate functions.
• Provide subject matter expertise and technical guidance to key stakeholders including Application Owners CTOs Chief Data Officers and Business Control Managers.
• Lead the risk lifecycle: including the identification assessment reporting and registration of technology risks ensuring comprehensive risk coverage across the portfolio.
• Develop and deliver remediation guidance to address identified risks and support risk mitigation strategies.
• Prepare and present monthly risk posture report to stakeholders offering a clear and comprehensive view of the technology risk posture and its impact on the business.
• Drive innovative solutions to manage and mitigate risks in a dynamic and evolving risk landscape.
• Leverage advanced knowledge of risk management principles practices and theories to influence and guide risk decisions at both strategic and operational levels.
• Maintain strong communication and stakeholder management skills to ensure alignment and effective risk governance.

Required Qualifications Capabilities and Skills

• Formal Training or certification with 57 years of experience or equivalent expertise in technology risk management information security or a related field with a focus on technology risk identification assessment and control evaluation.
• Strong understanding of technology risk management frameworks and industry standards.
• Expertise and in depth knowledge in data access and vulnerability management.
• Experience in performing technology risk and control assessment for AI/ML solutions.
• Proven ability to analyze complex issues develop and implement risk mitigation strategies and communicate effectively with senior stakeholders.
• Proven ability to develop and maintain strong client and stakeholder relationships.
• Excellent organizational and project management skills with the ability to manage multiple competing priorities and deliver under tight deadlines.
• High degree of initiative and self-direction with the ability to perform well under pressure; demonstrated intellectual curiosity and capacity to learn quickly.

Preferred Qualifications Capabilities and Skills

• Industry-recognized certifications such asCRISC CISM CISSP or CISA demonstrating formal expertise in technology risk and information security management.
• Proficiency in third-party and vendor risk management including due diligence ongoing monitoring and control assessments across the vendor lifecycle.
• Familiarity with cloud security risk management (e.g. AWS Azure GCP) including shared responsibility models and cloud-native control frameworks.