Tech Risk and Controls Lead – Policy and Control Operations

Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance. 

As a Tech Risk & Controls Lead in Policy and Control Operations, you will partner with one or more disciplines, lines of business, Regions, or locations to respond to evolving business and regulatory control requirements and emerging threats. You will leverage your expert experience in technology risk and controls to influence secure IT operations across the firm while ensuring clarity, quality, and sustainability of technology control objectives and procedures.  Responsibilities include review and validating documented controls to reduce operational risk while ensuring compliance to the Firm's CORE risk framework and Global Technology Issue Management Standards and Practices.

Job responsibilities

• Ensure the clarity and quality of documented controls in firmwide tools.
• Process changes to controls while adhering to operational standards.
• Oversee the documentation, implementation, and monitoring of controls, ensuring consistency and sustainability.
• Serve as a trusted advisor for framework-related inquiries and control management strategies.
• Provide auditability, risk, and sustainability advisement for all technology controls.
• Develop and maintain robust relationships, becoming a trusted partner with LOB technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals.

Required qualifications, capabilities, and skills

• Formal training or certification on security concepts and technology compliance, controls with 5+ years of applied experience.
• Good experience in technology audit, expertise in technology risk management, with a focus on managing risk identification, assessment, and mitigation.
• Demonstrated proficiency in audit and risk management practices .
• Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements.
• Proficient knowledge and expertise in data security, risk assessment and reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies.
• Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives.

Preferred qualifications, capabilities, and skills

•  CISA, CRISC, or similar industry-recognized risk and risk certifications.

#CTC