Build and cultivate a proactive risk management culture through partnership and collaboration with CTO risk, control and technology teams to deliver customer value and improve security posture of the firm.
Accountable for risk & control governance in Product Lines to better manage, defend & drive the product lifecycle
Ensure product line risks and control gaps are acknowledged, registered and correctly treated (risk assess and approve findings/treatments, breaks, uplift programs, CORE items)
Oversight of process management, risk assessment structure for Technology Product Line
Owns effective product line interactions with CTC Assurance, Audit, Compliance, and CCOR
Owns proactive product line control reviews and develops/enhances increased risk telemetry for all risk management personas
Provides line of sight of emerging technologies and a view into how they fit into the current risk posture and control framework of CTO
Coordinate and monitor issue management to ensure timely and sustainable remediation and provide thematic analysis to identify trends
Proactively monitor CORE Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps
Collaborate with team members and stakeholders on firm-mandated, product line, horizontal, and regional audits
Preferred Experience:
5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, emphasizing risk identification, assessment and mitigation.
Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.
Strong personal leadership, collaboration, bias for action and experience working within fast paced, complex and high performing Digital/Agile/Scaled Agile teams
Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement.
Exceptional knowledge of the firm’s Operational Risk Systems of Record
Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
Preferable experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles.
Preferable Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
Preferred qualifications, capabilities, and skills
CISM, CRISC, CISSP, or other industry-recognized risk certification.