Information Security/Cloud Risk Management, Sr Associate

The Senior Associate, Cloud Security & Risk Management within the Technology and Information Risk Management organization reports to the Director - Emerging Technology Risk and is responsible for ongoing oversight, assessment, management and reporting of technology and cybersecurity risks associated with the adoption and implementation of Cloud, across all operating entities. This role is established in the second line of defense and requires collaboration across IT, CISO, Data Office, Operational Risk, Internal Audit, and other relevant functional stakeholders within the organization in the management of Emerging Technology risks. An excellent understanding of the evolving regulatory landscape in the US and EU are vital for success in this role. The Sr Associate Cloud Security & Risk Management monitors activities to minimize the company’s exposure to technology and information risk associated with the adoption and deployment of Cloud technologies. The day-to-day focus may vary depending on the requirements of the overall second line of defense program priorities directed by the Head of Technology Risk and may include: planned or ad-hoc technical risk reviews/identification, technical review of cloud security architectures, review and challenge activities of IT or Business initiatives, Risk reporting, remediation, development as well as review and challenge of technical risk framework and methodologies. Essential Functions/Responsibility Statements: Establish themselves as the second line of defense subject matter expert on Security risk management in Cloud technology. Identify and assess technology and cybersecurity risks associated with the adoption and deployment of Cloud. Participate in the independent and ongoing risk oversight of key technology components of the firm’s digital transformation initiatives. Perform review and challenge of first line of defense risk management processes, data, and outcomes (e.g., risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances, etc.) and communicate risk opinions at various levels of management. Participate in evaluation of new products / Business changes / projects and assess related emerging technology risks and impact to the technology risk profile. Participate in the evaluation and management of risks related to third-party suppliers involved in technology projects related to the deployment of emerging technology or where emerging technologies introduced by third parties are a key component of the business activities. Analyze risk data from various sources (e.g., external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends, and patterns. Support process for constructive engagement across the Lines of Defense regarding differences or conflicts in risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute. Advises on remediation of regulatory findings, correction of any inconsistencies and monitors resolution. Prepare information to enable governance committees / working groups in the management oversight of Cloud risks. Initiate timely escalations to the Technology Risk leadership team. Work across the lines of defense to recommend strategies that effectively treat risks within the risk appetite.