Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management. 

As a Tech Risk & Controls Lead within the Compute Platforms & Network Services (CPNS) group, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firm's standards. The role focuses on creating an audit-ready environment for products and services in the CPNS portfolio, including working with product teams to establish consistent and comprehensive audit documentation, establishing audit and regulatory engagement guidelines and processes and leveraging the use of automation for the collection, maintenance and dissemination of evidence for global regulatory and audit engagements.  The Tech Risk & Controls Lead will be expected to partner with senior leaders and members across CPNS, IP risk partners, as well as with first line risk and controls functions, Compliance, Conduct & Operational Risk (CCOR) stakeholders, and Internal Audit to drive adherence to existing policies and standards, regulatory requirements and effective risk & controls.

 Job Responsibilities: 

Build and cultivate an audit-ready culture across the Compute Platforms & Network Services portfolioEngage with Tech Leadership, Product Owners, Internal Audit, CCOR and Cybersecurity & Technology Controls (CTC) on an on-going basis for business-as-usual risk activities, reporting and initiativesCoordinate, track and monitor Requests for Information (RFI) responses for audit and regulatory examinationsIdentify and drive opportunities to leverage data, automation, AI/ML and self-service capabilities to aid in RFI responses, analysis, and trackingProvide credible review and challenge to senior leaders within the portfolioEnsure effective identification, quantification, communication, and management of technology risk, including understanding of root cause analysis and plausibility of remediation recommendationsBuild tracking mechanism and communication flow around global regulatory and audit exams, questions, and themesConduct analysis during and after audits as well as thematic analysis to capture trends from previous audits in/ impacting the portfolioDevelop and maintain robust relationships, becoming a trusted partner with LOB technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goalsExecute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance workProactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance

 

Required Qualifications, Capabilities, and Skills:

5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigationExperience working in internal audit, independent risk management, or second line of defense functionFamiliarity with risk management frameworks, industry standards, and financial industry regulatory requirementsProficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategiesDemonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives

 

Preferred Qualifications, Capabilities, and Skills:

Certifications such as CISA, CRISC, CISM highly desirable