Opportunity to shape risk culture and ensure technological safeguards in a dynamic, collaborative environment.
As a Tech Risk Assurance Lead in our Cybersecurity and Technology Controls team, you will lead expert technical risk assurance and control oversight to ensure the firm's products and lines of business achieve their objectives while effectively managing risk. Utilizing your background in technology risk management, you will work with cross-functional teams to identify, assess, and mitigate emerging risks and vulnerabilities. Your tactical and strategic decision-making will significantly impact the firm's operations, financial management, and public image. You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls.
This role is pivotal in ensuring the security and resilience of our technology infrastructure and will focus on the identification, analysis, and management of technology risks. The ideal candidate will have a strong background in cybersecurity and technology, with a keen ability to gather and review findings and telemetry data, conduct root cause analysis, and articulate risk effectively.
Job responsibilities
Collect and meticulously review findings and telemetry data to ensure comprehensive risk assessment. Utilize advanced data analytics to identify patterns and anomalies that may indicate potential risks, providing a comprehensive risk assessment.
Conduct thorough root cause analysis to identify the underlying causes and themes of issues and incidents, developing actionable insights and recommendations to address these root causes and prevent recurrence.
Leverage subject matter expertise in cybersecurity controls and technology operations to identify emerging issues, articulate associated risks clearly, and communicate risk findings to stakeholders in a manner that is both informative and actionable.
Collaborate with cross-product and functional teams to analyze high-priority risks, evaluate gaps in related standards and controls, and create outputs that propel remediation plans, controls, and standards development.
Prepare detailed reports and documentation of risk assessments, findings, and recommendations, and ensure all documentation is accurate, comprehensive, and accessible to relevant stakeholders.
Develop and maintain strong business and technology relationships, becoming a trusted partner. Implement innovative solutions to enhance the organization's risk posture.
Champion the adoption of emerging technologies and industry best practices to enhance the firm's risk management capabilities and fuel continuous improvement initiatives.
Required qualifications, capabilities, and skills
5+ years of experience or equivalent expertise in technology risk management, cybersecurity, or a related field, focusing on risk assessment and mitigation.
Solid understanding of Identity and Access Management (IAM) concepts including authentication, authorization, identity federation, access control models (RBAC, ABAC) and privilege management.
Familiarity with authentication protocols such as SAML, OAuth 2.0, OpenID Connect and Kerberos.
Strong grasp of IAM security best practices such as least privilege, separation of duties, MFA enforcement, Just-in-Time (JIT) access and zero trust principles.
Ability to collaborate with application owners, cloud teams, IT and security to investigate IAM-related incidents and identify root causes and control gaps.
Skilled at reviewing IAM configurations to identify misconfigurations or over-provisioning and recommending improvements.
Understand identity lifecycle and policy enforcement across systems.
Preferred qualifications, capabilities, and skills
AI Prompt Engineering
Expertise in Agile methodologies and ability to work with common frameworks.
Relevant certifications in cybersecurity or risk management are a plus.
Hands-on experience implementing and/or managing IAM technologies such as Azure AD, AWS IAM, Okta, Ping Identity, Active Directory, LDAP and CyberArk.
Experience in monitoring identity-related activity using SIEM tools such as Splunk, Sentinel, identity analytics and user behavior analytics (UEBA).