Vacancy caducado!
Senior Technology Risk Manager (Information Security / Cybersecurity)
Description About this role Job Purpose/Background: BlackRock is one of the world's preeminent asset management firms and a leading provider of investment management, risk management, and advisory services to diverse investors globally. BlackRock offers our clients a range of solutions, from thorough fundamental and quantitative active management strategies to highly efficient index strategies for broad exposure to the world's capital markets. Our clients access our investment solutions through a variety of products, including individual and institutional separate accounts, mutual funds, other pooled investment vehicles, and the industry-leading iShares® ETFs. Understanding and leading risk is the cornerstone of BlackRock's approach to responsible investing. Our Risk and Quantitative Analysis (RQA) group promotes BlackRock as a leader in risk management by providing independent top-down and bottom-up oversight to help identify investment, counterparty, operational, model, regulatory, technology, and third-party risks. Technology Risk Management (TRM) is a key part of the RQA Enterprise Risk Management group. As a second line of defense function, our mission is to help ensure senior management has defined technology controls that protect our clients, our firm and support the achievement of firm-wide business goals within our risk tolerance. TRM partners with senior management, Aladdin Product Group and Technology leadership, Information Security, Operational Risk and other control functions to achieve this mission. The ideal candidate for this position must be a multifaceted, flexible and creative leader, with experience in technology and enterprise risk management and financial services. The candidate must have strong presentation, communication and project management skills in order to successfully navigate across different levels of the BlackRock and client organizations. The candidate must also be able to work cross functionally across enterprise risk subject areas. Responsibilities:- Lead and support periodic and thematic risk assessments to execute continuous control monitoring; detail potential control gaps and questions, conduct business engagement meetings and follow-ups throughout the year.
- Focus on Information Security governance, risk and compliance matters, responsible for the identification, assessment and management of information security risks globally across all information security domains. Provide cyber security technical advisory services regarding industry and leading practices, relevant critical initiatives, and emerging technologies and trends.
- Support corporate enterprise risk initiatives and processes that have a technology component as a well act as a single point of contact for the all enterprise management matters for the assigned business relationships.
- Oversee risk remediation efforts for risk and control issues and support issue closure or risk acceptances, as needed.
- Drive issues and actions resulting from internal audit, regulatory reviews and external audits to completion; work with action owners to gather and evaluate appropriateness of evidence.
- Work closely with regional compliance teams to prepare for regulatory requests, representing TRM as necessary in face to face meetings in conjunction with other partners.
- Challenge the design of global technology metrics, perform data and trend analysis, and produce monthly KRI and KPI metric reports.
- Build and maintain relationships globally across the firm including Technology Management, Information Security, Third-Party Risk, Enterprise Risk and Internal Audit. Be a risk champion within the wider BlackRock business.
- Stay updated on global technology related regulations, industry standards, and other guidance related to Technology Resilience, Cyber Security and Technology Vendor Risk.
- Partner with BlackRock software development and technology teams to help them identify, understand and mitigate technology control risks through control education, review of metrics, and completion of self-assessments
- Successfully work cross functionally across other enterprise risk management subject areas (i.e. operational risk, model risk).
- 6+ years of experience working in a Technology Risk, IT Audit, Information Security or related field (financial services industry experience preferred)
- Demonstrated experience in industry leading practices and control frameworks, such as COBIT, NIST CSF, ISO 27001 as well as regulatory requirements, such as GDPR, GLBA and CCPA.
- Have an established understanding of software design, distributed systems, SDLC, and/or technology operations (hands on experience preferred)
- Demonstrable ability to analyze and monitor risk control issues through to resolution
- Project management, relationship-building analytical and organizational skills
- Effective communicator
- Has the capacity to multitask and complete difficult assignments within deadlines and with short lead times
- Proven ability to build and maintain effective working collaborations across teams and regional locations
- Strong Microsoft Office skills (including Microsoft Excel, PowerPoint, and Word) as well as familiarity with GRC tools.
- Experience with Tableau preferred.
- Bachelor's degree required
Vacancy caducado!