Tech Risk & Controls Associate - Cloud Platforms

Job Description

Join our team to innovate in risk mitigation, leveraging your skills in a fast-paced, impactful environment.

As a Tech Risk & Controls Associate in Cloud Foundational Services (CFS) function, you will be a part of a team that supports the audits/assessment/attestations/regulatory exams conducted by Internal Audit teams (3rd Line Of Defense (LOD)), Compliance, Conduct and Operational Risk (CCOR) (2nd LOD), External Auditors and Technology Governance, Risk & Controls (GRC).

You will support product/platform/service/process owners by leading and managing the engagements from beginning of the audit i.e. Planning Phase to the end i.e. Reporting Phase.

As a valued member of the team, you will have the opportunity to learn and grow in a dynamic and fast-paced environment, making a tangible impact on technology risk and controls at the firm.

Job responsibilities

• Assesses and monitors technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices
• Supports implementation of effective controls in collaboration with cross-functional teams and stakeholders
• Evaluates the effectiveness of existing controls, identifies gaps, and recommends improvements to mitigate risks and enhance the firm's risk posture
• Analyzes complex situations, provide advice on risk management strategies, and support the implementation of risk mitigation measures
• Leads and manages all audit/assessment engagements for CFS
• Performs control reviews and risk assessments for the processes owned by CFS
• Proactively identifies risks and periodic reporting of the same
• Supports process owners in managing operational risk and provides transparency to stakeholders
• Monitors and evaluates the effectiveness of implemented controls, contributing to the recommendations for improvements and addressing gaps in risk management
• Communicates risk-related findings and updates to relevant stakeholders, ensuring alignment with organizational objectives and risk appetite

Required qualifications, capabilities, and skills

• Formal experience or equivalent expertise in technology risk management, information security, or a related field
• Experience in risk identification, assessment, and control evaluation, with a strong understanding of industry standards
• Demonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders
• In-depth knowledge on firm wide risk management and technology hygiene management tools
• Proficient in risk identification, assessment, and control evaluation, with a strong understanding of industry standards
• Exposure to risk management frameworks, regulations, and industry best practices

Preferred qualifications, capabilities, and skills

• Cloud Certifications, CISM, CRISC, CISSP, or other industry-recognized risk certifications