Every day, we seek to improve financial security for people. As part of our ongoing efforts to strengthen our risk management practices, we are seeking a talented and motivated individual to join our team as an Information Technology (IT) Risk Manager. Joining the Operational Risk team means you will be a part of a passionate and supportive team that believes what we do matters to our clients and investors. 

This individual will work closely with IT, Risk Management and Compliance teams to maintain effective Governance, Risk and Compliance (GRC) frameworks that align with our business objectives and comply with industry regulations and standards. The role involves identifying, assessing, and mitigating risks to our organization, managing compliance with legal and regulatory requirements, and ensuring that our policies and procedures meet best practices. This individual will be responsible for developing and implementing various IT governance controls. The ideal candidate will have a strong information technology and risk management background and experience in compliance management and regulatory requirements. This role will report to the Global Head of Operational Risk with a dotted line to the Head of IT.  This individual will work closely with other members of IT, Risk Management, Internal Audit and Compliance to identify and mitigate risks related to our technology infrastructure and data security. 

Location: Must be able to work in person at either our Seattle or New York office.

Your Core Responsibilities:  

• Conduct IT related risk assessments. 

• Perform risk reviews of the IT control framework. 

• Provide direction and guidance in the development, implementation, and communication of IT risk related policies and standards. 

• Work closely with IT teams to provide guidance on risk mitigation techniques, security controls, and incident response procedures. 

• Collaborate with other members of the IT team and business stakeholders to identify areas for improvement and implement solutions to enhance IT controls and compliance. 

• Develop, implement, and mature IT GRC strategies and procedures to ensure adherence to regulatory requirements and industry best practices. 

• Facilitate internal and external audits to assess the effectiveness of IT controls and risk management processes. 

• Actively engage in end-to-end risk remediation planning, resolution, and monitoring activities. 

• Monitor and analyze emerging IT threats and industry trends to continuously improve risk management strategies. 

• Collaborate with the Head of IT to align IT risk management initiatives with the overall IT strategy and organizational goals. 

• Prepare and present IT risk reports to senior management and the Board of Directors. 

Your Expertise:  

• Bachelor's degree in Information Systems, Information Technology, Risk Management, or a related field. Advanced degrees and certifications (e.g., CISA, CRISC, CISSP) are a plus. 

• 5+ years of experience working in IT Risk Management, Audit or Operational Risk with IT focus. 

• Strong understanding of IT infrastructure, systems, and applications, as well as associated risks and vulnerabilities. 

• Strong understanding of internal control design effectiveness. 

• Knowledge of industry best practices and frameworks such as NIST Cybersecurity Framework (e.g., ISO/IEC 27001, and COBIT). 

• Familiarity with IT regulatory requirements and standards (e.g., GDPR, HIPAA, SOX). 

• Excellent communication and leadership skills, with the ability to effectively manage and motivate a team. 

• Excellent analytical and problem-solving skills, with the ability to assess complex situations and recommend effective solutions. 

• Strong communication and interpersonal skills to work effectively with stakeholders at all levels of the organization. 

• Ability to work independently and collaboratively as part of a team, driving results in a fast-paced and dynamic environment.