Associate Director IT Embedded Risk

About The Position

Requirements

• Minimum of 8 years of related experience
• Bachelor's degree preferred and/or equivalent experience
• 8+ years of experience in risk management/ analysis and/or technical auditing/ examination
• Demonstrated experience leading and executing IT Risk and Control Self‑Assessments (RCSAs), including risk identification, inherent and residual risk assessment, control design evaluation, and challenge of risk ratings.
• Strong experience producing IT quarterly risk reporting for senior management, including aggregation of risk themes, trend analysis, key risk indicators (KRIs), and concise executive‑level commentary.
• Proven ability to define, analyze, and interpret IT risk metrics, with solid quantitative and analytical skills to assess control effectiveness, risk trends, and out‑of‑tolerance conditions.
• Deep understanding of core IT processes and technologies (e.g., application development, infrastructure, cloud, cybersecurity, resiliency, change management) and how process failures translate into operational and regulatory risk.
• Experience designing and executing risk assessments across complex IT environments, including scoping, evidence evaluation, stakeholder interviews, and synthesis of findings into actionable risk insights.
• Strong business acumen, with the ability to understand supported business areas, critical services, and client impacts, and to align IT risk assessments to business priorities and outcomes.
• Hands‑on experience analyzing IT asset inventories (applications, infrastructure, platforms, data assets) and extrapolating risk findings across portfolios, capabilities, and business lines to identify systemic issues.
• Demonstrated expertise in incident analysis and root cause analysis, including evaluation of technology incidents, control failures, and near‑misses to inform risk assessments, corrective actions, and risk reporting.
• Ability to challenge effectively and independently, partnering with IT, risk, and business stakeholders while maintaining strong governance, documentation standards, and audit readiness.

Responsibilities

• Maintaining and enhancing IT risk management framework. The framework is comprised of tools and processes to help DTCC:
• Identify new risks, changes in risk, or relationships between risks
• Monitor and escalate key matters of risk and control.
• Support IT management in maintaining a complete and accurate Process, Risk, and Control library
• Formulating, disseminating and administering IT risk management policy and procedures;
• Providing risk and control consultation and evaluations of control effectiveness to support/ evidence management awareness of the effectiveness of the control environment (i.e., assist management in issue self-identification)
• Liaising with Technology Risk, Information Security, Technology Centers of Excellence and with other subject matter experts within the organization to ensure that risks and appropriate mitigants are identified and communicated throughout the organization.

Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).