Lead IT Risk and Security Engineer (IAM Risk Engineer)

Job Description

JOB DESCRIPTION

Are you ready to make an impact at DTCC

We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role:

As the IAM Risk Engineer you will be identifying, evaluating, and prioritizing risks to minimize, monitor, and control the probability or impact of unfortunate events or to improve the realization of opportunities. The role involves developing risk management strategies, implementing risk assessment methodologies, and ensuring compliance with regulatory requirements.

Your Primary Responsibilities:

Risk Management Planning:

• Identify and analyze risks to the business, including financial, regulatory, legal, and operational risks.
• Develop and implement risk management policies and procedures.
• Implement health and safety measures for risk prevention.

Risk Monitoring:

• Continuously supervise risk management processes and controls.
• Review and update risk policies and practices to ensure they are current and appropriate.

Compliance:

• Ensure compliance with regulatory requirements and internal policies.
• Keep abreast of legal and regulatory updates that may affect the organization.

Stakeholder Engagement:

• Work with other departments to integrate risk management with company processes.
• Liaise with external risk consultants.

Strategic Risk Management:

• Align risk management strategies with company objectives.
• Advise on the risk implications of strategic decisions.

Qualifications:

• Minimum of 8 years of experience and/or equivalent expertise in technology risk management, cybersecurity, or a related field, focusing on risk assessment and mitigation
• Bachelors Degree and/or equivalent experience

Talents Needed for Success:

• Excellent command of IT Risk Management organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
• Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for improvements or remediation
• Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment and detail oriented, with experience evaluating processes, controls, and issues to resolve risks
• Subject matter authority on information security and technology risk management with understanding of IT control policies
• Confirmed experience in leading large teams, handling cross-functional projects, and implementing risk management policies and processes
• Proven understanding of industry regulations, guidelines, and best practices, such as NIST, ISO, FFIEC, and GDPR

ABOUT THE TEAM

Enterprise Product & Platform Engineering transforms the way we deliver infrastructure to our business clients. A key construct of EP&PE will be the evolution of the IT Product Manager, who will partner with the Engineering organization, the Business Aligned Service Delivery organization, the DevSecOps organization as well as our operational support teams to ensure that this organization provides high quality, commercially attractive and timely solutions to support our business strategy.