Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management.

As a Cybersecurity Risk & Compliance Assessment Lead in Cybersecurity Technology & Controls, you will be responsible for evaluating delivery, quality, and integrity across a range of Global Technology Control Assessments (GTCA), including SOX, SOC, PCI, FedRAMP, and other regulatory frameworks. This function is designed to mitigate risks, drive continuous improvement, and enhance stakeholder confidence in the assessment process. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders including Product Owners, Business Control Managers, and Regulators—you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape.

You will have the unique opportunity to help define and implement best-in-class assessment methodologies and practices. Ideal candidates will have hands-on experience executing end-to-end control reviews and assurance engagements, with a strong track record of delivering high-quality, evidence-based assessments in complex environments. This role is suited for professionals with significant experience in audit, risk, or compliance who are looking to make a strategic impact through leadership and innovation.

Job Responsibilities

Lead and execute comprehensive, independent evaluations of control and compliance assessments across all phases—planning, execution, and reporting—ensuring accuracy, reliability, consistency, and compliance throughout. Operate independently to document assessment results with clear workpapers, findings, improvement opportunities, and remediation actions. Oversee and perform testing of GTCA controls and processes, ensuring assessments are based on verified evidence and aligned with assessment methodologies and practices to address all relevant regulatory requirements, risks, and controls. Present review progress, key insights, and strategic recommendations to senior leadership and governance committees. Proactively identify, manage, and mitigate delivery risks by addressing potential obstacles and implementing contingency strategies to sustain program momentum. Foster a culture of continuous improvement and operational excellence, providing training and driving innovation in methodologies and processes. Leverage your expertise in assurance and review methodologies to ensure methodological rigor, consistent application of standards, and thorough review and validation of deliverables. Review assessments and reports to validate they are completed on schedule, based on verified data, and address relevant regulatory requirements, risks, and controls. Evaluate ongoing improvements to processes and tools, and verify that team members are well-trained and knowledgeable about current regulations and assessment practices. Ensure assessments are objective, transparent, and ethically conducted, maintaining confidentiality and data privacy, and compliance with all relevant laws, regulations, and internal policies.

Required Qualifications, Capabilities, and Skills

7+ years of experience in IT risk, audit, compliance, or control assessment, including at least 3 years of internal or external audit experience leading reviews and managing stakeholders in large financial institutions. Proven ability to lead projects and teams, manage multiple assessment reviews, and collaborate effectively across functions in complex environments. Exceptional written and verbal communication skills, with the ability to translate complex technical and regulatory information into clear, actionable messaging for diverse audiences including senior leaders, stakeholders, and clients. Detail-oriented with strong documentation skills and a demonstrated ability to learn and apply new concepts quickly. Skilled in critical thinking, root cause analysis, and structured problem-solving to drive continuous improvement. Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner. Strong background in information security, IT General Controls, risk and control frameworks, and regulatory compliance, including hands-on experience with SOX, SOC, PCI, and regulatory technology assessments. Growth mindset with the ability to drive strategy and execute at scale.

Preferred Qualifications, Capabilities, and Skills

CISA, CIA, CPA, CISSP, or similar industry-recognized risk and risk certifications are preferred.

 

#CTC