Principal, Technology Risk and Control, Policy Governance
Location: New York, New York
Type: Full Time
Internal Number: 13230627
Responsible for supporting the execution of Risk framework practices. Uses knowledge of Operations or Technology, risk and control frameworks, risk and control theory and practice, and controls implementation and assessment to determine potential risks to the organization. Manages analysis and draws conclusions to recommend and direct any resulting change needed to mitigate risk. Responsible for implementing risk framework and identifying, analyzing, monitoring, reporting, and minimizing information technology risks. Consult and advise on all technology risk matters. Supports related risk programs: audit response, regulatory inquiry and response, etc. Manages complex projects that involve working with the businesses to improve controls to mitigate any deficiencies. Contributes to the achievement of area objectives.
Manage and enhance the Policy Lifecycle for developing, approving, communicating, retiring, and maintaining policies, standards, and procedures across Operations & Technology by assessing triggers, stakeholder engagement, partnering with the Corporate Policy Governance Office, and ensuring vigorous audit management.
Partner with Process Owners to write policy documents, incorporate key business aligned and regional technology team perspectives, and solicit and integrate input from horizontal risk management contributors and assessors.
Ensures the policy document portfolio remains current, evolves to reflect changes in business and regulatory requirements, and provides management of the policy lifecycle and portfolio.
Review policy documents to provide comprehensive assessment of key components and recommend to Policy Owners potential alternatives.
Develop procedural implementation, controls, and change management process with appropriate teams to ensure proper governance and controls exist.
Establish linkages with Operations & Technology process and risk and control taxonomies.
Engage within and outside the organization to gain knowledge of, and maintain situational awareness on, risks associated with emerging technologies.
Ongoing engagement with the other Operations and Technology Control Management teams, Operations Business Unit Heads, Technology Business Owners, and Second Line of Defense.
Bachelor's degree or equivalent combination of education and work experience is required.
Twelve or more (12+) years of total work experience is preferred, with demonstrated growth in responsibilities; in-depth experience in operational risk management, legal, regulatory compliance, and/or technology risk and control is mandatory.
Experience in the securities or financial services industry is a plus.
CISA, CISSP or CRISC and ISACA certifications are preferred.
Strong written and verbal communication.
Ability to work independently or with a team.
Strong interpersonal skills to support collaboration and mentoring. Must be a team player.
Demonstrated ability to develop and implement strategy and process improvement/transformational initiatives.
Provides a "no surprise" environment by understanding the importance of transparent communication with senior management and direct manager.
Strong problem-solving and reading comprehension skills. Strong ability to see both the big picture and the details (the horizontal and the vertical views) and to apply these two perspectives to the analysis and resolution of risk.
Critical thinking, creativity, and intellectual curiosity; ability to master new subject matter and ask the right questions to "connect the dots" across a broad array of risk and control topics.
Demonstrated ability to successfully accomplish goal objectives and manage multiple deliverables in a fast-paced environment with at times changing priorities.
Exhibits a sense of urgency balanced with sound judgement and the ability to inquire when direction is needed. Ability to work in a fast-paced environment with competing priorities.
Must be able to compose and deliver business documents, such as senior management presentations, governance reports, executive summaries, business cases, business/process requirements.
An understanding of Operations, the key topics impacting Operations, emerging risks/issues impacting Operations and Technology, and emerging technology (e.g., data protection and privacy, cybersecurity, change management, third-party governance, AI, machine learning).