Employer Description
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
Job Description
, you aim to effectively identify, monitor, evaluate and manage the firm’s technology risks and controls with a focus on the Technology Operations and Incident & Event Management related activities. You will play a pivotal role in shaping and implementing the firm’s risk management strategy in these specific areas.
Your ability to make calculated decisions and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.
You will also get the opportunity to leverage your experience and problem-solving skills to ensure the firm adequately manages its exposure related to the use of the latest technologies such as public cloud infrastructure. Using a pragmatic approach and analytical skills, you will be put in a position to influence the maintenance of the firm’s control catalog.
Job responsibilities
For the Technology Operations and Incident & Event Management risk areas, you will:
- Be part of a team of professionals in the risk areas covering Incident Management, Problem Management, Event Management, Capacity Management, Change and Release Management, Technology/Patch Maintenance, and Technology Request Fulfillment.
- Build and cultivate a security focused culture through partnership and collaboration with the business and technology teams to deliver customer value and improve the security posture of the firm.
- Provide support and guidance to Lines of Business regarding adoption and execution of the controls to enable and enhance their objectives while complying with the Firm’s global policies and its regulatory compliance requirements.
- Ensure risk impacting the business is proactively identified, quantified, communicated, and managed, including recommendations for resolution, and identifying the root cause/key themes.
- Provide continuous support for the identification/maintenance of the control objectives, relevant risk-based telemetry design, and related assessments.
- Monitor control implementations and execution to ensure compliance with technology control requirements and escalate material risk.
- Support requests from Regulatory, Audit and Compliance Engagements impacting the controls.
- Evaluate and ensure adequate coverage, and disposition of, regulatory changes relating to the processes.
- Produce and present relevant content for governance forums to inform the business of changes to control requirements and their overall risk posture.
Preferred qualifications and/or skills:
- Familiarity with risk management and governance: Experience/involvement with developing and implementing risk management frameworks and governance structures to mitigate technology and security risks.
- Experience in cybersecurity, technology risk and controls, risk-based consulting, risk assessments, audit, and/or regulatory activities.
- Strong written and verbal communication skills with ability to effectively communicate and present security risk and control concepts to senior business and technology partners.
- Strong analytical and problem-solving skills: Ability to analyze complex issues, identify root causes, and develop effective mitigation strategies, including in the context of emerging technologies.
- Regulatory and compliance knowledge: Familiarity with relevant regulatory requirements and industry standards (e.g., ITIL, COBIT, ISO 27001, NIST).
- Excellent communication and influencing skills: Strong ability to communicate technical concepts to non-technical stakeholders, and to influence decision-making at all levels of the organization.
- Continuous learning and adaptability: Commitment to staying current with the latest security trends, emerging technologies, and threat landscapes, and the ability to adapt strategies accordingly.
- Certifications and education: Relevant certifications such as CISSP, CISM, CEH, CRISC or equivalent, and a degree in Computer Science, Management Information Systems, Information Security, or a related field. Advanced degrees (e.g., Master's, Ph.D.) are a plus.