As a member of the Technology Risk Management Team, you will be responsible for identifying, assessing, monitoring, and mitigating technology risks while managing projects and initiatives related to Risk and Controls for Technology. This role focuses on ensuring robust risk frameworks, maintaining operational resilience, and driving compliance with regulatory requirements and industry standards. The projects you manage typically span multiple businesses across Investment Banking Technology, working through strong partnership with Enterprise Technology and Application teams.

Key Responsibilities

Identify, assess, and monitor technology risks across infrastructure, applications, and business processes Develop and maintain risk assessment frameworks, methodologies, and reporting mechanisms Conduct frequent reporting and tracking of Key Risk Indicators Drive compliance with regulatory requirements, industry standards, and firmwide policies Conduct risk assessments for new initiatives, system changes, and third-party relationships Collaborate with technology teams to design and implement effective risk controls Facilitate forums to address the priority of reported enhancements and issues Gather/analyze complex data and develop accurate conclusions to understand risk implications Prepare comprehensive risk reports and present findings to senior management and stakeholders Support internal and external audits by providing risk documentation and evidence Evaluate existing project management processes and explore AI/ML for automation opportunities

 

Required qualifications, capabilities & skills 

Risk Management:

Strong understanding of technology risk frameworks (CISM, CRISC, CISSP, or similar certifications preferred) Experience conducting technology risk assessments and control evaluations Ability to identify emerging risks and develop mitigation strategies Proven track record implementing risk management programs in complex technology environments

Resilience:

Experience assessing and improving operational resilience of technology systems Knowledge of business continuity planning, disaster recovery, and incident response Understanding of system dependencies and critical service identification

Compliance:

Deep knowledge of regulatory requirements (SOX, GDPR, PCI-DSS, or industry-specific regulations) Experience preparing for and supporting regulatory examinations and audits Strong understanding of control frameworks and evidence management Ability to translate regulatory requirements into actionable technology controls

Technical & Analytical Skills:

Working knowledge of technology infrastructure, cloud services, and application development Experience with risk management tools and GRC platforms Strong analytical skills with ability to synthesize complex information Advanced experience using Microsoft Office, including Excel and PowerPoint

Project Management & Leadership:

Experience with project management across the full project lifecycle Excellent verbal and written communication skills, including ability to present complex risk concepts to senior management Highly disciplined, self-motivated, and delivery-focused with ability to work independently Ability to positively influence change and manage multiple priorities in dynamic environments Proven ability to collaborate across multiple teams in a global organization Advanced English level; Bachelor's degree from an accredited institution desirable

Preferred capabilities, qualifications & skills 

Basic understanding of Cloud Platforms (e.g. AWS) Exposure to AI/ML patterns and models Previous experience with cyber technologies and controls