Tech Risk Specialist

Are you risk aware? Do you have a proven background in information technology and experience in the financial services industry? We're looking for someone like that to help us to:

support our key stakeholders with managing their operational risk items, and staying within risk appetite

review controls and look to automate controls where possible. Also a good understanding of how controls will be managed within cloud environments.

support the implementation of the Operational Risk Framework

analyze risk-related metrics, and identify trends, peaks and exceptions

report Technology risks, control deficiencies and remediation status to our key stakeholders

maintain relationships with key stakeholders, and partner effectively with 2nd and 3rd lines of defense

assist with internal and external audits impacting technology

assist with ad hoc risk and recurring control assessments

establish and maintain an effective risk culture

• IT general controls: access management, change control, backup procedures, logging

• Cloud environments: understanding of Azure, or GCP risk and control models

• Cloud control topics: access control, data encryption, monitoring, shared responsibility

• Audit preparation: working with internal and external audits, SOX, financial regulations

• Control remediation: tracking findings, coordinating fixes, documenting outcomes

• Data analysis: using Excel (pivot tables, lookups, charts), basic SQL or Python a plus

• Risk metrics: interpreting and reporting KPIs, KRIs, and trends

• Risk tools: experience with JIRA, Confluence, ServiceNow, Archer GRC

• Project tracking: prioritizing tasks, following up with tech and business teams

• Understanding of IT infrastructure, security, and operations

• Knowledge of incident management and disaster recovery

• Familiarity with DevOps processes and related risks in cloud/on-prem environments

• Communication skills for reporting risks and influencing stakeholders

• Certifications like CISA, CISSP, CRISC, or ITIL Foundation are valued

• Experience with cloud security frameworks (e.g. CSA CCM, Azure Security Benchmark)

• Familiarity with financial industry regulations (e.g. Basel II/III, MiFID, FINMA)

• Knowledge of cybersecurity topics: threat modeling, vulnerability management, SIEM tools

• Hands-on experience with risk tools like RSA Archer, MetricStream, or OpenPages

• Exposure to Agile or SAFe frameworks and how risk is managed in agile teams

• Basic scripting or automation skills (e.g. Python, PowerShell) for control testing or reporting