Associate Director IAM Risk Manager
Company | DTCC |
---|---|
Location | New York, NY, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior, Expert or higher |
Requirements
- Minimum of 8 years of experience and/or equivalent expertise in technology risk management, cybersecurity, or a related field, focusing on risk assessment and mitigation
- Bachelor’s degree and/or equivalent experience
Responsibilities
- Identify and analyze risks to the business, including financial, regulatory, legal, and operational risks.
- Develop and implement risk management policies and procedures.
- Implement health and safety measures for risk prevention.
- Continuously supervise risk management processes and controls.
- Review and update risk policies and practices to ensure they are current and appropriate.
- Ensure compliance with regulatory requirements and internal policies.
- Keep abreast of legal and regulatory updates that may affect the organization.
- Work with other departments to integrate risk management with company processes.
- Liaise with external risk consultants.
- Align risk management strategies with company objectives.
- Advise on the risk implications of strategic decisions.
Preferred Qualifications
- Proven understanding of Identity and Access Management, the joiners, movers, and leavers process, and user access, including non-human identities (NHI)
- Excellent command of IT Risk Management organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
- Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for improvements or remediation
- Experience with implementation and oversight of technology risk and controls, coordination of activities for audits, and assessment of an IT controls environment; detail oriented, with experience evaluating processes, controls, and issues to resolve risks
- Subject matter authority on information security and technology risk management with understanding of IT control policies
- Confirmed experience in leading large teams, handling cross-functional projects, and implementing risk management policies and processes
- Solid understanding of industry regulations, guidelines, and standard methodologies, such as NIST, ISO, FFIEC, CRI, and GDPR