Tech Risk & Controls professionals play a critical role in the identification, assessment, oversight, monitoring, and reporting of compliance and operational risk in line with the firm’s standards. They are accountable for supporting and advising technology-aligned process owners in managing operational aspects of governance, risk, and compliance. Tech Risk & Controls is also responsible for the design, implementation, and maintenance of controls and risk management frameworks, and they partner with Product Security to ensure design and implemented controls are operating in alignment with firm, regulatory, legal, and industry standards as required. Tech Risk & Controls also partners with a variety of stakeholders, including Product Managers (both business and technology aligned), Business Control Managers, 2nd Line of Defense (2LOD), Audit, Compliance, and regulators to develop and report a comprehensive view of the technology risk posture and the impact on the business.

 

Responsibilities:

We are seeking a Governance Associate for the TRC function in Cloud Foundational Services. Their role will offer guidance, best practices, and support across businesses, creating reporting, improving governance and processes, leading risk reviews and vulnerability assessments, identifying threats, and communicating with senior leaders and other stakeholders.

Foundational knowledge of cybersecurity organization practices, risk management processes and principles Manage remediation activities ensuring appropriate, timely and complete resolution Communicate technology findings with leadership and Line of Business key stakeholders and provide accurate remediation metrics and management reports on a timely basis Strong report creation and presentation skills capable of speaking to all levels of the organization Demonstrate ability to conduct cross functional meetings with various Line of Business stakeholders Strong deductive reasoning, critical thinking, problem solving, and prioritization skills Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals Assist with training and spreading technology risk and control awareness within the organization, while building strong relationships and becoming a trusted risk and controls partner within the firm

 

Preferred Experience:

Excellent Project Management experience Risk management expertise in AWS services is a big plus Relevant industry certifications are preferable Ability to work with data from disparate sources to build a cohesive view on risk  Collaboration with internal and external technology audits (3rd Line of Defense), CCOR Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts Advanced level in Office 365 with proficiency combining data sources in Excel Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners. Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)