IT, Data and Cyber Risk Oversight Associate

About The Position

Requirements

• Well-versed in technology & cyber risk practices with the ability to connect and align with the firm’s operational risk management processes.
• 2+ years of direct work experience within the financial services industry, with IT risk management, control testing, regulatory/audit, or cybersecurity experience.
• Foundational understanding of enterprise risk management concepts, including risk assessment, control design, issue management, and RCSAs.
• Working knowledge across multiple technology, cyber, or data risk domains (e.g., SDLC, application security, Data Management, IT governance, infrastructure Architecture, IT asset management (incl. End of Life and Shadow IT), Infrastructure management application lifecycle management, change management, back-up and availability of critical systems, Service management, Event, Problem and incident management, Helpdesk, SLA- service quality, Cloud, … ).
• Familiarity with technology, cyber and data risk management industry frameworks and standards (e.g., NIST, ISO, COBIT).
• Foundational knowledge of Tech/Cyber/Data Management regulatory guidance
• Strong written communication skills, with experience supporting management or committee-level reporting.
• Proficiency in Excel and PowerPoint; experience with Power BI or data visualization tools preferred.
• Strong organizational skills with ability to successfully manage multiple, concurrent priorities.
• Work effectively in a matrixed environment and across various organizational levels, where flexibility, collaboration, and adaptability are important.
• Strong desire to deliver a quality work product in a timely and efficient manner.
• Bachelor’s/University degree required and Master’s degree preferred.

Nice To Haves

• CISA, CRISC, CISM, CISSP certifications (or exam taken) preferred.

Responsibilities

• Supports the TDCRO management in ensuring IT, data management, and cybersecurity risks are adequately governed, managed and controlled.
• Supports the independent review and credible challenge of 1st Line of Defense risk assessments, controls, metrics, and remediation plans related to IT, data, and cyber risk domains.
• Assist in the maintenance and periodic update of technology, data, and cybersecurity risk management frameworks, policies, standards, and procedures.
• Provides review and challenge on IT, data management and cybersecurity policies, standards, control framework, risk metrics/indicators, risk and control self-assessment (“RCSA”).
• Support the preparation of technology, data, and cybersecurity risk reporting for management and risk committees, including issue tracking and escalation.
• Collaborate with cross-functional stakeholders across risk, technology, cybersecurity, and data teams