Join a role that's central to our technological resilience, offering a unique opportunity to shape the firm's tech risk strategy and enhance industry compliance. 

As a Tech Risk & Controls Director – Metrics in Cybersecurity & Technology Controls you will play a pivotal role in shaping and implementing the firm's technology risk management strategy. Leveraging your advanced knowledge and expertise in technology-risk disciplines, you will identify, oversee, and mitigate compliance and operational risks in line with the firm's standards. You will collaborate with various stakeholders, including Product Owners, Business Control Managers, and regulators, to develop and maintain a comprehensive view of the technology risk posture and its impact on the business. Your ability to make calculated decisions, influence large teams, and drive strategic projects will be crucial in ensuring the firm's adherence to regulatory obligations and industry best practices. Your work will contribute to the long-term success and resilience of the organization in an ever-evolving technology landscape.

Job Responsibilities

Leads, develops and directs a team of metrics professionals to deliver on team and organizational objectives.Defines, builds, leads and governs the metrics framework, ensuring alignment with industry best practice and firm objectives, whilst providing clear definitions and requirements for Executive Metrics and metrics required for the operational management of Cybersecurity, Technology and Operational Risks.Builds partnerships across Business Information Security Officer (BISO) teams, Application Owners, Control Owners, Cybersecurity & Technology Controls (CTC) leaders and Line of Business Control Managers (LoB BCM) to define appropriate Cybersecurity, Technology and Operational Risk metrics.Builds partnerships with technology teams responsible for implementing metric framework telemetry and associated logic, to ensure delivery and maintenance in accordance with metrics framework objectives.Drives efforts to modernize metrics by leveraging emerging technologies, data analysis and cutting-edge risk measurement and statistical techniques.Oversees and governs the design, testing and implementation of risk metrics to ensure alignment with business needs.Designs, builds, leads and executes risk metrics governance.Communicates program status, execution risks/issues, and key decisions to senior stakeholders, maintaining transparency and fostering informed decision-making.Identifies, manages, and mitigates delivery risks, proactively addressing potential roadblocks and implementing contingency plans to maintain program momentum.Promotes a culture of high performance, operational excellence, and innovation within the team, driving continuous improvement in risk management metrics practices.

Required qualifications, capabilities, and skills

Expert experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on managing risk identification, assessment, and mitigationDemonstrable experience of designing, testing, implementing and managing risk Key Risk Indicators (KRI), Key Performance Indicators (KPI) and Key Control Indicators (KCI) aligned to risk measurement industry best practices.Demonstrable experience of data analysis to drive the design, implementation and maintenance of risk metric data flows.Demonstrable experience of working in partnership with technical product teams to realize delivery of strategic technology capabilities.Formal training or certification on cybersecurity and technology risk concepts and 10+ years applied experience. In addition, 5+ years of experience leading technologists to manage, anticipate, and solve complex technical items within your domain of expertise.Experience planning and executing risk metric best practice to drive highly relevant risk insights and Firm level reporting consistency.Proficiency in technical information security and/or IT general controls domains, including policies and standards, risk and control assessments, and regulatory compliance.Ability to ensure decisions or constraints affecting program delivery are effectively escalated and addressed in a timely manner.Demonstrable strong verbal and written communication skills.Proven ability to apply critical thinking and structured problem-solving techniques to address issues and drive continuous improvement in risk measurement practices.