Join our dynamic team to navigate complex risk landscapes and fortify technology governance, making a pivotal impact in our firm's robust risk strategy.

As a Tech Risk & Controls Senior Associate in Enterprise Technology, Cybersecurity & Tech controls, you will contribute to the successful management of technology-aligned aspects of Governance, Risk, and Compliance in line with the firm's standards. Leverage your broad knowledge in risk management principles and practices to assess and monitor risks and implement effective controls. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm’s risk posture. Through collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards.

The Global Technology Metrics Governance team is tasked with overseeing and enhancing the framework for technology risk metrics. This team is pivotal in the onboarding and management of these metrics.

Job responsibilities

Engage with stakeholders in Global Technology, Risk, and Audit to enhance reporting and metrics processes. Partner with firm-wide teams to define and refine technology risk metrics, including developing KRIs and KPIs. Learn and advise on regulatory and industry best practices for setting KPI and KRI thresholds. Monitor technology risks and mitigation effectiveness, updating metrics as needed and assessing impacts from system changes. Evaluate the inclusion or exclusion of metrics and communicate findings to partners. Align risk measurement practices with organizational policies, industry standards, and regulations, identifying enhancement opportunities. Conduct root cause analysis of metric breaches and communicate implications. Present technology risk metrics performance updates to senior management and risk committees. 

Required qualifications, capabilities, and skills

3+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk identification, assessment, and mitigation Minimum of four years' experience in technology risk management or cybersecurity, with a focus on governance, risk assessment, metrics development, and data analysis. Broad knowledge of application architecture, infrastructure, security principles, and technology risks/controls. Excellent communication and presentation skills to simplify and convey complex risk information to stakeholders. The candidate must be highly organized and capable of managing multiple priorities and demands effectively. Ability to quickly learn and articulate changes in technology risk landscapes and emerging technologies. Proficiency in data analytics and statistical modeling techniques.

Preferred qualifications, capabilities, and skills

CISM, CRISC, CISSP, or other industry-recognized risk certifications