Technology Risk & Controls Lead

Social network you want to login/join with:

The Technology Risk and Controls Framework Manager is a Vice President role within CTC’s Technology Risk and Control (TRC) organization. Reporting to the firmwide technology Chief Controls Manager, TRC leads the definition and execution of our technology Governance, Risk & Compliance (GRC) discipline, which provides the framework for managing the firm’s corporate Information Risk Management program.

This role requires a combination of in-depth expertise and highly effective organizational skills. It is critical to the overall success of the Information Risk Management program. The candidate must be highly motivated with strong leadership and influencing skills, leveraging their experience to advance the firm’s framework for managing technology risks and controls, aligning technology policy with cybersecurity and technology control solutions, and informing the firm’s Operational Risk Management reporting based on metrics and quantitative assessments. The framework is established and operational, but the space is dynamic, rapidly evolving, and subject to continuous reassessment and changing priorities.

The position involves close collaboration with various partners across the firm, including colleagues in CTC, Enterprise Technology, Information Risk Managers, Technologists, Operational Risk Management & Compliance, Audit, and regional partners worldwide. Effective stakeholder management, creativity, critical thinking, communication, and influence skills are essential. The role operates within a large, complex organization that features critical infrastructure and is integral to the global financial ecosystem.

1. Lead the ongoing program within the CTC-TRC Frameworks Team to accurately represent and maintain the firm’s complex technology operations within the Corporate Operational Risk Environment (CORE) system. This includes defining the Risk Identification framework, executing it with Risk Identification partners, and ensuring risks are reflected into CORE for reporting, monitoring, and mitigation. Collaborate with technology owners to model processes, risks, and controls, and ensure risk and control reference data is aligned for assessments. Work with risk managers to ensure assessments are meaningful and actionable, and drive improvements in technology risk understanding across the firm.
2. Manage and report on the firm’s Operational Risk via the CORE system, which is subject to assessments, audits, and regulatory exams. Maintain effective communication, influence, and stakeholder management with senior and executive management across various global teams.

• Proven experience in technology risk & controls and information risk management, including risk identification, assessments, governance, and reporting.
• Knowledge of compliance, conduct, and operational risk management frameworks and processes.
• Experience with industry best practices such as NIST, ISO, ISACA frameworks.
• Experience in developing use cases and business logic for continuous controls monitoring, and partnering with product and engineering teams.
• Good understanding of financial services regulations (e.g., FFIEC handbooks).
• Knowledge of current technology implementations, including Cloud (public and private).
• Inquisitive, innovative, and influential, with a proven track record of driving ideas forward.
• Strong relationship-building skills with senior executives.
• Excellent organizational, project management, and multi-tasking skills, with experience using work management platforms like JIRA.
• Strong communication, analytical, and problem-solving skills.
• Experience with data analytics tools such as AI/ML, Alteryx, Tableau.
• Ability to collaborate with diverse, geographically distributed teams.
• High professionalism, self-motivation, and urgency.
• Flexible, deadline-oriented, and able to operate under pressure.