JOB DESCRIPTION/SUMMARY

Being a Technology Risk Officer requires excellent project management and coordination skills together with a foundation in Technology Risk and broad understanding of the firm’s business and information security policies.
The successful candidate for this role will engage with numerous leaders and groups across regions for both business and technology. The role will require interaction with external parties (firm’s service providers, business counterparties, and regulatory personnel).
Key success criteria include the promotion and enforcement of Engineering risk policies and information security at all levels of the organization and across all technology platforms, and the efficient and timely coordination and review of the Engineering Division’s response to regulatory and client inquiries.

QUALIFICATIONS, CAPABILITIES AND SKILLS:

• 5+ years of technology experience in one or more of the following areas: Technology Infrastructure, Information Security, Technology Governance, Compliance, Control management, Operational Risk and/or Technology Audit
• Infrastructure security knowledge in Windows Server, Desktop OS and applications, Unix/Linux OS, Storage, Networking hardware and protocols, Databases and Exchange Connectivity, Remote Access, Firewall and IDS/IPS technology, Voice and Audio Visual platforms, and experience in configuration and vulnerability management is a significant advantage.
• Understanding of the regulatory environment as it relates to technology control and/or business continuity requirements
• Familiar with Risk Analysis and Risk Management methodologies
• Excellent program and project management skills
• Understanding of the business functions and the Technology role in a financial services firm a significant advantage
• Ability to work effectively as part of the regional and global team, serving a large diverse Engineering communityStrong analytical and communication skills required

• Provide clear and concise verbal and written advice to business and technology users on (1) understanding of relevant Engineering Risk policies and standards and (2) principles of security & controls as defined by the firm’s Technology Risk and Control Framework, and (3) adoption of secure and resilient solutions
• Build and maintain an understanding of global, regional and local regulatory requirements that have a technology impact, to conduct internal self-assessments and gap analyses to ensure compliance
• Participate in global, regional and local Engineering Risk initiatives aimed at improving baseline on information protection, resiliency and controls of technology processes and services
• Work on business initiatives ensuring regulatory requirements are appropriately understood, communicated, and mitigated
• Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environmentPerform risk assessments to identify gaps in compliance to information security (both application and infrastructure) and BCP standards and policies, for both internal technology solutions as well as solutions provided by third-party service providers. Ensuring critical and high priority issues are identified and resolved.