Embedded Risk Associate Director

otional well-being.

• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

An IT ERM Associate Director has primary responsibility of supporting and conducting targeted IT risk assessments as well as the analysis and remediation of risk items including policy deviations, risk acceptances, issues and actions.The incumbent will execute and support day-to-day IT risk management activities (such as risk and controls assessments), manage deadlines and stakeholder expectations, and lead or participate in projects within assigned areas of responsibility. In carrying these responsibilities, the incumbent must work collaboratively with the IT Risk Management team (including Management Control Testing and Center of Excellence functions), other risk & control functions (e.g., Internal Audit, Technology Risk Management), as well as with IT line management (1 st line).

Your Primary Responsibilities:

• Support efforts to identify and manage risk within Architecture and Enterprise Services (AES) and Enterprise
• Develop and strengthen relationships with IT partners and control evaluation functions across the 3 lines of defense
• Develop, communicate and ensure adherence to department risk policies, procedures and best practices;
• Demonstrate and embed the behaviors and competencies that create a risk management mindset in your organization;
• Lead risk management activities including review of policy and procedure documents for alignment with controls and for technical completeness and accuracy
• Collaborating and/or leading assessments of key technologies within AES (e.g., Middleware, API, platform security)
• Gathering, preparing, and reviewing inputs into reporting (e.g., risk treatment, risk profiles, inherent risk assessments)

IT ERM Associate Director will be consistently responsible for facilitating the:

• Analysis and of compliance items (especially policy deviations, risk acceptances, issues/actions) included on the IT Risk & Control Report/ Dashboard

• Issue and action closure facilitation including meeting coordination, evidence gathering and review, documentation preparation and review

• Control evaluations performed by audit and/or management control testing functions as well as regulatory exams to gather, review, and prepare required evidence

• Acting as a technical expert on applications and technologies utilized by DTCC

Qualifications:

• Minimum of 8 years of related experience

• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• 7+ years of experience in system development, analysis, and/or technical auditing/ examination

• Leading technical discussions with key stakeholders and staff to analyze vulnerabilities, remediation plans, and assess risk

• Solid understanding and working knowledge of technologies including Middleware technologies (CICS), APIs (Apigee),

• Solid understanding of architectural concepts including security architecture, governance, performance, resiliency, operability

• Exposure to risk and control concepts including process flows, risk and control identification, control evaluation and reporting is a plus

• Exposure in working with cloud platforms including cloud security and usage of native services (e.g., AWS EC2)

• Background in financial services information technology or Big 4 technical advisory services a plus

• Demonstrated experience leading and executing IT Risk and Control Self-Assessments (RCSAs), including risk identification, inherent and residual risk assessment, control design evaluation, and challenge of risk ratings.

• Strong experience producing IT quarterly risk reporting for senior management, including aggregation of risk themes, trend analysis, key risk indicators (KRIs), and concise executive-level commentary.

• Proven ability to define, analyze, and interpret IT risk metrics, with solid quantitative and analytical skills to assess control effectiveness, risk trends, and out-of-tolerance conditions.

• Deep understanding of core IT processes and technologies (e.g., application development, infrastructure, cloud, cybersecurity, resiliency, change management) and how process failures translate into operational and regulatory risk.

• Experience designing and executing risk assessments across complex IT environments, including scoping, evidence evaluation, stakeholder interviews, and synthesis of findings into actionable risk insights.

• Strong business acumen, with the ability to understand supported business areas, critical services, and client impacts, and to align IT risk assessments to business priorities and outcomes.

• Hands-on experience analyzing IT asset inventories (applications, infrastructure, platforms, data assets) and extrapolating risk findings across portfolios, capabilities, and business lines to identify systemic issues.

• Demonstrated expertise in incident analysis and root cause analysis, including evaluation of technology incidents, control failures, and near-misses to inform risk assessments, corrective actions, and risk reporting.

• Ability to challenge effectively and independently, partnering with IT, risk, and business stakeholders while maintaining strong governance, documentation standards, and audit readiness

Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

About Us

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at https://www.dtcc.com or connect with us on LinkedIn , X , YouTube , Facebook and Instagram .

DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

Learn more about Clearance and Settlement by clicking here .

About the Team

IT Risk and Data Services department seeks to meet our clients' needs by capitalizing on the progress made in both the Risk Technology Program and the Data Analytics work and driving adoption of these capabilities across the enterprise. Important initiatives like the Modernization and Resiliency Programs count on these foundational capabilities to succeed.