Control Management Director

Control Management Director

Requirements

• 8+ years of Risk Management or Business Controls experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years of Management or leadership experience

Responsibilities

• Ensure that technology controls are embedded within the SDLC to mitigate risks related to software development, deployment, and maintenance.
• Collaborate with stakeholders to ensure adherence to internal policies, regulatory requirements, and industry frameworks.
• Assist in designing and implementing controls to address security, data integrity, and operational risks within the software development process.
• Support internal and external audits by providing documentation, control evidence, and remediation plans for any identified gaps.
• Advocate for secure coding principles and integration of security testing (e.g., SAST, DAST) within CI/CD pipelines.
• Monitor and assess technology changes to ensure appropriate risk assessments and approvals are in place before deployment.
• Investigate control failures, conduct root cause analysis, and recommend corrective actions to strengthen controls.
• Provide guidance to development teams on control requirements, best practices, and emerging risks in software development.

Preferred Qualifications

• Strong understanding of the software development lifecycle (SDLC) and technology risk management principles.
• Experience with technology control frameworks (e.g., NIST, COBIT, ITIL) and regulatory compliance requirements.
• Knowledge of application security principles, DevSecOps, and secure coding best practices.
• Familiarity with cloud computing controls, infrastructure security, and CI/CD pipeline security.
• Ability to work cross-functionally with developers, risk teams, and compliance stakeholders.
• Strong analytical, problem-solving, and communication skills.
• Effective understanding and execution of risk management programs, including Risk and Control Self-Assessment (RCSA), Enterprise Risk Identification & Assessment (ERIA) and Issues Management.
• Demonstrates the ability to make subjective and informed decisions based upon output, influence stakeholders and justify decision making.
• Strong analytical ability used to identify risks and confidently raise issues and through proper statue and authority will counsel and escalate early and when necessary.
• Design a control and ways to measure effectiveness.
• Meaningful knowledge across the enterprise risk management framework, including: risk identification, risk appetite and strategy, risk-related decisions, processes and controls, risk analytics and governance.
• Strong interpersonal, influencing, and communications skills with an ability to interact effectively with stakeholders and regulators, to include virtual, matrixed leadership experience and the ability to effectively manage and build relationships within the enterprise Risk function and the business.
• Influence business partners including enterprise functions through networking, communication and written products.
• Ability to analyze, problem solve with demonstrated excellence at identifying stakeholders, understanding needs, and driving decision-making/resolution through a consensus building approach.
• Implement solutions through written action plans, procedures and change management.
• Understand the impacts/benefits of emerging technologies (automation/machine learning/etc.) on the operating and control environment.
• Deep understanding of ever-evolving governance processes and regulatory environments.
• Experience working horizontally across an organization and participating in enterprise-wide implementations of major policy and relevant risk programs.