Cloud Governance Technology Risk & Controls Lead VP
Tech Risk & Controls professionals play a critical role in the identification, assessment, oversight, monitoring, and reporting of compliance and operational risk in line with the firm’s standards. They are accountable for supporting and advising technology-aligned process owners in managing operational aspects of governance, risk, and compliance. Tech Risk & Controls is also responsible for the design, implementation, and maintenance of controls and risk management frameworks, and they partner with Product Security to ensure designed and implemented controls are operating in alignment with firm, regulatory, legal, and industry standards as required.
Operating within the Cloud Foundational Services product line, a part of Infra Platforms (IP), you will play a pivotal role in ensuring our public cloud capabilities are operating safely and securely. You will manage the overall book of work for ensuring the compliance of our public cloud platform, facing off to regulators, auditors, and our Cybersecurity & Technology Control function. You will partner closely with both the product management and engineering functions so that the work is appropriately prioritized and the technology landscape operates within the risk appetite, and you will provide transparent reporting to senior management on the overall risk position of the product line.
Responsibilities:
* We are seeking a Governance Lead for the TRC function in Cloud Foundational Services. Their role will offer guidance, best practices, and support across businesses, creating reporting, improving governance and processes, leading risk reviews and vulnerability assessments, identifying threats, and communicating with senior leaders and other stakeholders.
* Foundational knowledge of cybersecurity organization practices, risk management processes and principles.
* Manage remediation activities ensuring appropriate, timely and complete resolution.
* Communicate technology findings with leadership and Line of Business key stakeholders and provide accurate remediation metrics and management reports on a timely basis.
* Strong report creation and presentation skills capable of speaking to all levels of the organization.
* Demonstrated ability to conduct cross-functional meetings with various Line of Business stakeholders.
* Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
* Relevant certifications include: CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk Management) and CISA (Certified Information Systems Auditor).
* Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals.
* Assist with training and spreading technology risk and control awareness within the organization, while building strong relationships and becoming a trusted risk and controls partner within the firm.
Preferred Experience:
* Background in Technology with strong experience in Operational Risk including Tech/Cyber Risk.
* Strong experience in various Technology and Cyber domains, e.g., Architecture, Vulnerability Management, Cloud, etc.
* Risk management expertise in AWS services is a big plus.
* Relevant industry certifications are preferable.
* Ability to work with data from disparate sources to build a cohesive view on risk.
* Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practices and standards (e.g., ITIL, NIST, ISO, PCI, SOC).
* Collaboration with internal and external technology audits (3rd Line of Defense), CCOR Operational Risk Management deep dives and testing (2nd Line of Defense), and the ability to advocate on behalf of subject matter experts.
* Advanced level in Office 365 with proficiency combining data sources in Excel.
* Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.