Job Description

Join our team to innovate in risk mitigation, leveraging your skills in a fast-paced, impactful environment.

As a Tech Risk & Controls Associate in Cloud Foundational Services (CFS) function, you will be a part of a team that supports the audits/assessment/attestations/regulatory exams conducted by Internal Audit teams (3rd Line Of Defense (LOD)), Compliance, Conduct and Operational Risk (CCOR) (2nd LOD), External Auditors and Technology Governance, Risk & Controls (GRC).
 

You will support product/platform/service/process owners by leading and managing the engagements from beginning of the audit i.e. Planning Phase to the end i.e. Reporting Phase. 

As a valued member of the team, you will have the opportunity to learn and grow in a dynamic and fast-paced environment, making a tangible impact on technology risk and controls at the firm.

Job responsibilities

Assesses and monitors technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practicesSupports implementation of effective controls in collaboration with cross-functional teams and stakeholdersEvaluates the effectiveness of existing controls, identifies gaps, and recommends improvements to mitigate risks and enhance the firm's risk postureAnalyzes complex situations, provide advice on risk management strategies, and support the implementation of risk mitigation measuresLeads and manages all audit/assessment engagements for CFSPerforms control reviews and risk assessments for the processes owned by CFSProactively identifies risks and periodic reporting of the sameSupports process owners in managing operational risk and provides transparency to stakeholdersMonitors and evaluates the effectiveness of implemented controls, contributing to the recommendations for improvements and addressing gaps in risk managementCommunicates risk-related findings and updates to relevant stakeholders, ensuring alignment with organizational objectives and risk appetite 

Required qualifications, capabilities, and skills

Formal experience or equivalent expertise in technology risk management, information security, or a related fieldExperience in risk identification, assessment, and control evaluation, with a strong understanding of industry standardsDemonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholdersIn-depth knowledge on firm wide risk management and technology hygiene management toolsProficient in risk identification, assessment, and control evaluation, with a strong understanding of industry standardsExposure to risk management frameworks, regulations, and industry best practices 

Preferred qualifications, capabilities, and skills

Cloud Certifications, CISM, CRISC, CISSP, or other industry-recognized risk certifications