What you'd actually do

Serve as the primary risk advisor for a portfolio of applications supporting Corporate functions.

Provide subject matter expertise and technical guidance to key stakeholders, including Application Owners, CTOs, Chief Data Officers, and Business Control Managers.

Lead the risk lifecycle: including the identification, assessment, reporting and registration of technology risks, ensuring comprehensive risk coverage across the portfolio.

Develop and deliver remediation guidance to address identified risks and support risk mitigation strategies.

Prepare and present monthly risk posture report to stakeholders, offering a clear and comprehensive view of the technology risk posture and its impact on the business.

Skills

Required

Formal training or certification with 5–7 years of experience or equivalent expertise in technology, risk management, information security, or a related field, with a focus on technology risk identification, assessment, and control evaluation.
Strong understanding of technology risk management frameworks and industry standards.
Expertise and in depth knowledge in data, access and vulnerability management.
Experience in performing technology risk and control assessment for AI/ML solutions.
Proven ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders.
Proven ability to develop and maintain strong client and stakeholder relationships.
Excellent organizational and project management skills, with the ability to manage multiple competing priorities and deliver under tight deadlines.
High degree of initiative and self-direction, with the ability to perform well under pressure; demonstrated intellectual curiosity and capacity to learn quickly.

Nice to have

Industry-recognized certifications such as CRISC, CISM, CISSP, or CISA, demonstrating formal expertise in technology risk and information security management.
Proficiency in third-party and vendor risk management, including due diligence, ongoing monitoring, and control assessments across the vendor lifecycle.
Familiarity with cloud security risk management (e.g., AWS, Azure, GCP), including shared responsibility models and cloud-native control frameworks.

As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO (Business Information Security Officer) organization, you will serve as the trusted risk advisor for a portfolio of applications supporting Corporate functions. In this role, you will provide subject matter expertise and technical guidance throughout the entire risk lifecycle, including the identification of risks, offering remediation guidance, risk registration, and risk reporting to key stakeholders such as Application Owners, CTOs, Chief Data Officers, and Business Control Managers. You will be accountable for assessing and reporting a comprehensive view of the technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. This position requires strong communication and stakeholder management skills, as well as the ability to influence and guide risk decisions at both strategic and operational levels.

Job Responsibilities:

Serve as the primary risk advisor for a portfolio of applications supporting Corporate functions.
Provide subject matter expertise and technical guidance to key stakeholders, including Application Owners, CTOs, Chief Data Officers, and Business Control Managers.
Lead the risk lifecycle: including the identification, assessment, reporting and registration of technology risks, ensuring comprehensive risk coverage across the portfolio.
Develop and deliver remediation guidance to address identified risks and support risk mitigation strategies.
Prepare and present monthly risk posture report to stakeholders, offering a clear and comprehensive view of the technology risk posture and its impact on the business.
Drive innovative solutions to manage and mitigate risks in a dynamic and evolving risk landscape.
Leverage advanced knowledge of risk management principles, practices, and theories to influence and guide risk decisions at both strategic and operational levels.
Maintain strong communication and stakeholder management skills to ensure alignment and effective risk governance.

Required Qualifications, Capabilities, and Skills

Formal training or certification with 5–7 years of experience or equivalent expertise in technology, risk management, information security, or a related field, with a focus on technology risk identification, assessment, and control evaluation.
Strong understanding of technology risk management frameworks and industry standards.
Expertise and in depth knowledge in data, access and vulnerability management.
Experience in performing technology risk and control assessment for AI/ML solutions.
Proven ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders.
Proven ability to develop and maintain strong client and stakeholder relationships.
Excellent organizational and project management skills, with the ability to manage multiple competing priorities and deliver under tight deadlines.
High degree of initiative and self-direction, with the ability to perform well under pressure; demonstrated intellectual curiosity and capacity to learn quickly.

Preferred Qualifications, Capabilities, and Skills

Industry-recognized certifications such as CRISC, CISM, CISSP, or CISA, demonstrating formal expertise in technology risk and information security management.
Proficiency in third-party and vendor risk management, including due diligence, ongoing monitoring, and control assessments across the vendor lifecycle.
Familiarity with cloud security risk management (e.g., AWS, Azure, GCP), including shared responsibility models and cloud-native control frameworks.

#CTC