Technology Risk Investigations - Senior Associate

Join our team to fortify the technological backbone of a financial powerhouse, ensuring robust risk management and pioneering assurance strategies.

As a Technology Risk Investigations - Senior Associate in Cybersecurity & Technology Controls, you will make impactful contributions towards ensuring the firm's technology products and lines of business achieve their objectives while effectively managing risk.

You will support the wider Risk Assurance function in conducting root-cause investigations into potential information security risks and will play a key part in the continuous improvement of the Risk Assurance findings management program.

The primary focus of this role is to analyze, communicate, and track information security risks identified during cybersecurity assessments, such as red team exercises and penetration tests.

Your role will involve planning and executing projects to address complex risk scenarios and ensure compliance with technical standards and organizational policies.

Leveraging your advanced analytical, technical, and problem-solving skills, you will contribute to the proactive identification and evaluation of technology risk, controls development, and adherence across the Firm

Job responsibilities:


* Analyze and prioritize technical risk hotspots by collaborating with cross-functional teams and leveraging data from Assurance Operations and Data Science teams


* Define the control requirements based on business function, regulatory risks, and control framework comparison analysis


* Evaluate gaps in existing standards and controls, and develop remediation plans to address high-priority risks and systemic issues


* Monitor technology risk, ensuring compliance with relevant regulations, policies, and industry best practices across the Firm


* Contribute to the continuous improvement of risk management processes, tools, and methodologies, while fostering a strong risk culture within the Firm

Required qualifications, capabilities, and skills


* 3+ years of experience or equivalent expertise in information security, project management or a related field


* Proven knowledge of cybersecurity operations, common risk management processes, security practices, security engineering, and/or vulnerability management.


* Ability to collaborate with diverse stakeholders of varying seniority to effectively articulate risk and drive change.


* Experience in agile project management and with agile tooling, such as Jira and Confluence.


* Proven understanding of cybersecurity operations, common risk management processes, security practices, security engineering, and/or vulnerability management.


* Ability to collaborate with diverse stakeholders of varying seniority to effectively articulate risk and drive change.


* An understanding of offensive and defensive security tools/technologies, such as penetration testing and red team testing platforms, firewalls, IDS/IPS, Web Proxies, and DLP.
...