Tech Risk

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management. 

As a Tech Risk & Controls Lead - Product Assessments in Cybersecurity Technology & Controls, you will be responsible for evaluating product delivery, quality, and integrity across a range of technology control assessment products (including SOX, SOC, PCI, FedRAMP, and other regulatory frameworks). This function is designed to mitigate risks, drive continuous improvement, and enhance stakeholder confidence in the assessment process. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.

 Job responsibilities

• Lead and execute product assessment reviews across the full lifecycle (planning, design, execution, reporting), ensuring accuracy, reliability, consistency, and compliance throughout all phases.
• Operate independently to document product assessment results with clear findings, improvement opportunities, and remediation actions.
• Communicate product assessment program status, key findings, and improvement opportunities to senior management and governance committees.
• Identify, manage, and mitigate delivery risks, proactively addressing potential roadblocks and implementing contingency plans to maintain program momentum.
• Foster a culture of continuous improvement and operational excellence, providing training and driving innovation in methodologies and processes.
• Review assessments and reports to validate they are completed on schedule, based on verified data, and address relevant regulatory requirements, risks, and controls.
• Ensure methodological rigor, consistent application of standards, and thorough review and validation of deliverables.
• Evaluate ongoing improvements to processes and tools, and verify that team members are well-trained and knowledgeable about current regulations and assessment practices.
• Ensure assessments are objective, transparent, and ethically conducted, maintaining confidentiality and data privacy, and compliance with all relevant laws, regulations, and internal policies.

Required qualifications, capabilities, and skills

• Obtain 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation within a financial institution. 
• Proven ability to lead projects and teams, manage multiple assessment reviews, and collaborate effectively across functions in complex environments.
• Exceptional written and verbal communication skills, with the ability to translate complex technical and regulatory information into clear, actionable messaging for diverse audiences including senior leaders, stakeholders, and clients.
• Detail-oriented with strong documentation skills and a demonstrated ability to learn and apply new concepts quickly.
• Skilled in critical thinking, root cause analysis, and structured problem-solving to drive continuous improvement.
• Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.
• Strong background in information security, IT General Controls, risk and control frameworks, and regulatory compliance, including hands-on experience with SOX, SOC, PCI, and regulatory technology assessments.
• Growth mindset with the ability to drive strategy and execute at scale.

Preferred qualifications, capabilities, and skills

• CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred

#CTC