Associate Director - Technology Risk Management

Risk Management
Requisition #: 190105

Business Unit: Global Chief Risk Office
Department:  Technology Risk Management Associate Director
Job Family: Risk and Security 
Job Title: Technology Risk Manager


Business Unit Description:


DTCC Risk Management teams work to safeguard our systems, our clients and the global financial markets. This essential function cuts across all areas of our business to focus on identifying, measuring and monitoring a variety of risks, including financial, operational and technology. And with cybersecurity as a key focus area across all fintech industries, the need for qualified Risk Management professionals has never been more critical. When you join the Risk Management group, you will play an integral role in protecting a market infrastructure that processes more than 100 million transactions every day—developing the strategies and plans that keep our enterprise resilient. 


The Technology Risk Management (TRM) department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate information security policies and control standards and acting as an operational arm for monitoring threat intelligence.

Position Summary:

The TRM Policy & Governance (P&G) Policy Management Associate Director is responsible for:

·         Creation, maintenance and communication of cyber security and technology risk policy-related documentation (i.e., policies, procedures, job aids, process and other documentation).

·         Compliance with DTCC Corporate Document Management Framework (DTCC Framework) requirements.

·         Oversight of the P&G Audit and Compliance Engagement (ACE) team.

Principal Responsibilities:

This position is responsible for the following activities:

·        Interface with management and Subject Matter Experts (SMEs) to create new and maintain existing policy-related documentation in compliance with DTCC Framework requirements and to coordinate approvals and publication in the DTCC Enterprise Policy Repository (EPR).

·        Provide governance for TRM documentation including review for soundness across policies, control standards, core processes, procedures, job aids, the information security program and other cyber security material.

·        Formally present DTCC IS policy updates to business and technology risk coordinators, first line of defense representatives and applications security mavens.

·        Manage bi-annual reviews of IS control standards, annual reviews of IS policies, IS program and TRM core process documents and required periodic reviews and updates of TRM’s Enterprise Policy Repository (EPR) documents.

·        Perform TRM EPR Gatekeeper functions.

·        Interface with DTCC management and staff as requested to research DTCC policies.

·         Coordinate TRM’s monthly Intercompany Metrics reporting.

·         Manage TRM ACE Team facilitation of Internal Audit Department (IAD) and Compliance Department engagements including:

o    TRM Audit Quarterly Questionnaire information gathering

o    Chief Security Officer (CSO) IAD and Compliance action plan monitoring, follow-up and reporting

·         Perform special assignments as requested by TRM Policy & Governance management.

·         Support the Technology Risk Management Steering Committee (TRMSC).


·         3 – 5 years of experience in the following is required:

o    Working with Financial Industry regulators and regulations (e.g., FRB, SEC, NYSDFS, ESMA, MAS).

o    Applying and/or assessing the implementation of cyber security industry standards (e.g., ISO/IEC 27001/27002:2013, FFIEC IT Examination Handbook 2016, NIST Cybersecurity Framework versions 1.0 and 1.1, NIST Special Publication 800-53 Revision 4).

·         3 – 5 years of experience in the following is preferred:

o    Financial Industry information systems, information technology and/or cyber security/risk or information systems/technology audit.

o    Writing information/cyber security policy-related documentation, reports and/or presentations that articulate, interpret or explain cyber security and/or risk policies, procedures, job aids and processes.

Knowledge and Skills Required:

·         Demonstrated flexibility, cooperation, collegiality and teamwork abilities

·         Excellent communication, writing and interpersonal skills

·         Extremely strong attention to detail

·         Confidence and presence when working with senior management

·         Multi-tasking and follow-up skills

·         Proficient in Microsoft Office PowerPoint, Excel and Word

·         Experience with Adobe Acrobat Professional, MS Visio and MS SharePoint (preferred)

·         College degree in Business Management/Computer Science or equivalent experience

·         CISA, CISM, CRISC or equivalent certification

About DTCC:

With over 40 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From operating facilities and data centers around the world, DTCC automates, centralizes, and standardizes the processing of financial transactions across the trade lifecycle and mitigates risk for thousands of institutions worldwide.


At DTCC we value our clients' interests and partner to deliver superior results with excellence and innovation and lead with integrity. We proactively develop your potential and invest in your career.

