Principal IAM Risk Manager

offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role:

As the IAM Risk Manager you will be identifying, evaluating, and prioritizing risks to minimize, monitor, and control the probability or impact of unfortunate events or to improve the realization of opportunities. The role involves developing risk management strategies, implementing risk assessment methodologies, and ensuring compliance with regulatory requirements.

Your Primary Responsibilities:

Risk Management Planning:

• Identify and analyze risks to the business, including financial, regulatory, legal, and operational risks.

• Develop and implement risk management policies and procedures.

• Implement health and safety measures for risk prevention.

Risk Monitoring:

• Continuously supervise risk management processes and controls.

• Review and update risk policies and practices to ensure they are current and appropriate.

Compliance:

• Ensure compliance with regulatory requirements and internal policies.

• Keep abreast of legal and regulatory updates that may affect the organization.

Stakeholder Engagement:

• Work with other departments to integrate risk management with company processes.

• Liaise with external risk consultants.

Strategic Risk Management:

• Align risk management strategies with company objectives.

• Advise on the risk implications of strategic decisions.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:

• Minimum of 8 years of experience and/or equivalent expertise in technology risk management, cybersecurity, or a related field, focusing on risk assessment and mitigation

• Bachelors' Degree and/or equivalent experience

Talents Needed for Success:

• Proven understanding of Identity Access Management and joiners, movers, leavers and user access including non-human identities (NHI)

• Excellent command of IT Risk Management organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies

• Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for improvements or remediation

• Experience with implementation and oversight of technology risk and controls, coordination of activities for audits and assessing an IT controls environment and detail oriented, with experience evaluating processes, controls, and issues to resolve risks

• Subject matter authority on information security and technology risk management with understanding of IT control policies

• Confirmed experience in leading large teams, handling cross-functional projects, and implementing risk management policies and processes

• Solid understanding of industry regulations, guidelines, and standard methodologies, such as NIST, ISO, FFIEC, CRI, and GDPR

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.