Technology Risk Associate

Risk Management
181718 Requisition #
Share this Job
Business Unit: Global Chief Risk Office
Department:  Technology Risk Management
Job Family: Risk Management
Job Title: Technology Risk Associate
Corporate Title: Associate
FLSA Code (US Only): Exempt

Business Unit Description:

DTCC Risk Management teams work to safeguard our systems, our clients and the global financial markets. This essential function cuts across all areas of our business to focus on identifying, measuring and monitoring a variety of risks, including financial, operational and technology. And with cybersecurity as a key focus area across all fintech industries, the need for qualified Risk Management professionals has never been more critical. When you join the Risk Management group, you will play an integral role in protecting a market infrastructure that processes more than 100 million transactions every day—developing the strategies and plans that keep our enterprise resilient. 

The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.

Position Summary:

The successful candidate will support the team responsible for the development, implementation and ongoing management and governance of the DTCC Technology Risk Management program. Responsibilities include supporting development and refinement of workflows, assessing requirements and maintaining client communications necessary to deliver the program.

Specific Responsibilities:
  • Reassess existing processes and create new ones that most effectively anticipate, manage and reduce risk to DTCC and its participants
  • Support the security strategy, program assessment  and control lifecycle processes
  • Support the attestation request, response, and sampling workflows
  • Support design of the solution with relevant management reporting metrics and risk thresholds. 
  • Align cybersecurity program assessment reporting with stakeholders in support of managing risk and identifying opportunities to enhance DTCC’s security profile
  • Coordinate key cyber security program initiatives and their alignment with NIST CSF, including rationale(s) for risk reduction or avoidance
  • End to End Process Analysis and risk reduction initiatives
  • Research best practices and industry trends for the information security program with external organization, 3rd parties industry specialists, symposiums, and industry organizations and assess suitability for DTCC implementation
  • Aligns risk and control processes into day to day responsibilities to monitor and mitigate risk
  • Conduct testing on the effectiveness of host and network based security monitoring controls (e.g. SIEM, HIPS/HIDS, Firewalls, Antimalware, etc.)
  • Monitor IT platforms that are sending logs to security event monitoring systems and work with relevant IT groups for the remediation of gaps in coverage.
  • Perform quality assurance on the data coming from various log sources to ensure data are completely and continuously ingested by the security event monitoring systems, in a format that is usable to generate alerts when triggered.
Leadership Competencies for this level include:
  • Accountability: Demonstrates reliability by taking necessary actions to continuously meet required deadlines and goals.
  • Global Collaboration: Applies global perspective when working within a team by being aware of own style and ensuring all relevant parties are involved in key team tasks and decisions.
  • Communication: Articulates information clearly and presents information effectively and confidently when working with others.
  • Influencing: Convinces others by making a strong case, bringing others along to their viewpoint; maintains strong, trusting relationships while at the same time is comfortable challenging ideas.
  • Innovation and Creativity: Thinks boldly and out of the box, generates new ideas and processes, and confidently pursues challenges as new avenues of opportunity.
  • Minimum of 3 - 5 years of business/security work experience with an emphasis on financial services or other highly regulated environments

  • Minimum 3-5 years’ experience as a security, risk and/or control professional, security information and event management  (SIEM)including security program design and management

  • Experience in working with IBM Qradar, Ethical hacking, penetration testing , Vulnerability assessment
  • Project managing skills handling IT groups, presentation skills 
  • Bachelor’s degree in computer and other related fields
  • CISSP/CISM/CRISC certification is a plus but not required
About DTCC:

With over 40 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From operating facilities and data centers around the world, DTCC automates, centralizes, and standardizes the processing of financial transactions across the trade lifecycle and mitigates risk for thousands of institutions worldwide.

At DTCC we value on our clients' interests and partner to deliver superior results with excellence and innovation and lead with integrity. We proactively develop your potential and invest in your career.

Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions
Please try again.


Either there was a problem on our end with the action you just performed, or we are currently having technical difficulties with our system. Please try again later.