Senior IT Risk Management Officer

About This Role

Serve as a Senior Technology Risk Management Officer for a major asset management firm, supporting IT governance and compliance by identifying and managing risks, driving strategic initiatives, and ensuring regulatory compliance and audit readiness. This role focuses on enhancing the IT Risk Management function and collaborating across technical and non-technical teams.

Responsibilities

• Support the Firm’s external audit reviews by gathering, evaluating, and delivering timely evidence for key technology and business processes and facilitate walkthroughs, findings discussions, and escalations.
• Validate ongoing operation for core technology processes by proactively testing key controls, correcting identified issues, and driving sustainable process enhancements that avoid issue recurrence.
• Facilitate the advanced preparation of technology and business process owners for audit reviews, understand their processes and advise on process and control design to drive continuous improvement.
• Conduct technical reviews of software products and services to identify Information Security and AI risks, triage and summarize the findings, and advise firm’s stakeholders on appropriate risk treatment.
• Complete information security reviews, analyze identified risks, and define remediation actions where necessary.
• Maintain documentation of identified risks, ownership, treatment timelines, and status.
• Coordinate with stakeholders to drive timely and complete mitigation and validation of identified risks.
• Prepare regular reports for IT and Business managers indicating workstream status and progress, design and deploy evergreen self-service visualizations.
• Contribute to the delivery of strategic priorities across technology, risk, governance, and identity and access management by completing projects and tasks as assigned and by collaborating with relevant stakeholders.
• Create a list of legacy and cloud services, identify key risk attributes, security, and audit process gaps, agree on gap treatment, and drive their complete and timely resolution.

Requirements

• 5 years of experience in information security, data protection, third-party risk management, technology audit, regulatory compliance, or identity and access management
• Experience defining, implementing, and reviewing secure and resilient design principles for business systems
• Experience in risks arising from use of classic and cloud-native application architectures
• Proficiency in Microsoft Office products – Excel, PowerPoint, Word
• Excellent written and verbal communication, and collaboration skills

Qualifications

• BS in Computer Science, Information Systems, Accounting, Data Science, or a related field
• 5 years of experience in information security, data protection, third-party risk management, technology audit, regulatory compliance, or identity and access management.

Nice to Have

• Experience in server architecture – Windows, MS SQL Server
• Exposure to software development and SDLC pipelines
• Experience in building and deploying automation (PowerShell, Python)
• Experience using, building, and governing Artificial Intelligence (AI) systems, AI agents, and AI-enabled systems
• Experience across IT domains and processes – security, change, identity and access management, resilience, and operations of networks, hosts, cloud services
• Exposure to risk management frameworks and regulations – SOC 1, SOC 2, ISO 27001, NIST CSF, SOX, GDPR
• best-of-breed security and technology tools and applications

Skills

* Required skills