Job Overview
We are seeking a highly skilled and technically savvy Director of IT Risk to join our team. This individual will play a crucial role in managing and maturing our information technology risk assessment processes, focusing on cloud, on-premise, and vendor applications and systems. The candidate will be responsible for ensuring the effectiveness of our IT controls, maintaining the risk register, managing exceptions to IT policies, and contributing to our DevSecOps initiatives from a risk perspective. The ideal candidate will have strong expertise in SOC1 and SOC2 assessments, a solid understanding of AWS cloud security, and an interest in leveraging AI and Gen AI technologies to enhance risk management decision-making and process automation.
Responsibilities:
Implement policies related to IT risk management and manage the policy exception process
Conduct Business Impact Analysis across Arrowstreet’s business systems and establish criticality across all systems for prioritization of IT risk management efforts
Work closely with the cybersecurity team to ensure completeness and effectiveness of our IT controls to identify, respond to, and remediate threats
Oversee third-party IT risk assessment and collaborate with business leaders to discuss and address identified weaknesses
Manage and mature the incident management process to cover incident review, root cause analysis, and oversee implementation of mitigating controls
Maintain Risk Register for visibility, transparency, and prioritization of IT Risks
Create, develop, and maintain operational risk documentation
Play an active role in responding to Client diligence questionnaires
Evolve the existing IT risk assessment process to succinctly frame emerging threats and risks
Research and develop data-driven assessment practices that will facilitate deeper risk conversations and surface insights in support of strategic decision-making
Qualifications:
Minimum 10 years of experience in Information Technology, Information Security or IT Risk Management
Passion and expertise in technology and cybersecurity domains
Excellent understanding of IT Controls and Risk Assessment methodologies including SOC1 and SOC2
Certifications such as CISSP, CISM, CRISC, and AWS Certified Security
Experience implementing controls aligned to industry standard frameworks (NIST, ISO 27001)
Ability to collaborate effectively with colleagues, stakeholders, and leaders across multiple departments to get consensus, socialize strategy, and achieve objectives
Exceptional communication skills and the ability to build strong relationships as well as credibility
Ability to manage and drive multiple parallel initiatives forward while maintaining superior results
Strong analytical, problem-solving, and decision-making skills
Technical Plus:
Hands-on experience with AWS and cloud security practices
Software development or infrastructure implementation experience
Familiarity with optimizing processes via automation and AI/Gen AI implementations
We maintain a friendly, team-oriented environment and place a high value on professionalism, attitude and initiative.