Embedded Risk Associate Director

Are you ready to make an impact at DTCC

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

An IT ERM Associate Director has primary responsibility of supporting and conducting targeted IT risk assessments as well as the analysis and remediation of risk items including policy deviations, risk acceptances, issues and actions.The incumbent will execute and support day-to-day IT risk management activities (such as risk and controls assessments), manage deadlines and stakeholder expectations, and lead or participate in projects within assigned areas of responsibility.In carrying these responsibilities, the incumbent must work collaboratively with the IT Risk Management team (including Management Control Testing and Center of Excellence functions), other risk & control functions (e.g., Internal Audit, Technology Risk Management), as well as with IT line management (1^st line).

Your Primary Responsibilities:

• Support efforts to identify and manage risk within Architecture and Enterprise Services (AES) and Enterprise
• Develop and strengthen relationships with IT partners and control evaluation functions across the 3 lines of defense
• Develop, communicate and ensure adherence to department risk policies, procedures and best practices
• Demonstrate and embed the behaviors and competencies that create a risk management mindset in your organization
• Lead risk management activities including review of policy and procedure documents for alignment with controls and for technical completeness and accuracy
• Collaborating and/or leading assessments of key technologies within AES (e.g., Middleware, API, platform security)
• Gathering, preparing, and reviewing inputs into reporting (e.g., risk treatment, risk profiles, inherent risk assessments)

• Analysis and of compliance items (especially policy deviations, risk acceptances, issues/actions) included on the IT Risk & Control Report/ Dashboard
• Issue and action closure facilitation including meeting coordination, evidence gathering and review, documentation preparation and review
• Control evaluations performed by audit and/or management control testing functions as well as regulatory exams to gather, review, and prepare required evidence
• Acting as a technical expert on applications and technologies utilized by DTCC

Qualifications:

• Minimum of 8 years of related experience
• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• 7+ years of experience in system development, analysis, and/or technical auditing/ examination
• Leading technical discussions with key stakeholders and staff to analyze vulnerabilities, remediation plans, and assess risk
• Solid understanding and working knowledge of technologies including Middleware technologies (CICS), APIs (Apigee),
• Solid understanding of architectural concepts including security architecture, governance, performance, resiliency, operability
• Exposure to risk and control concepts including process flows, risk and control identification, control evaluation and reporting is a plus
• Exposure in working with cloud platforms including cloud security and usage of native services (e.g., AWS EC2)
• Background in financial services information technology or Big 4 technical advisory services a plus
• Demonstrated experience leading and executing IT Risk and Control SelfAssessments (RCSAs), including risk identification, inherent and residual risk assessment, control design evaluation, and challenge of risk ratings.
• Strong experience producing IT quarterly risk reporting for senior management, including aggregation of risk themes, trend analysis, key risk indicators (KRIs), and concise executivelevel commentary.
• Proven ability to define, analyze, and interpret IT risk metrics, with solid quantitative and analytical skills to assess control effectiveness, risk trends, and outoftolerance conditions.
• Deep understanding of core IT processes and technologies (e.g., application development, infrastructure, cloud, cybersecurity, resiliency, change management) and how process failures translate into operational and regulatory risk.
• Experience designing and executing risk assessments across complex IT environments, including scoping, evidence evaluation, stakeholder interviews, and synthesis of findings into actionable risk insights.
• Strong business acumen, with the ability to understand supported business areas, critical services, and client impacts, and to align IT risk assessments to business priorities and outcomes.
• Handson experience analyzing IT asset inventories (applications, infrastructure, platforms, data assets) and extrapolating risk findings across portfolios, capabilities, and business lines to identify systemic issues.
• Demonstrated expertise in incident analysis and root cause analysis, including evaluation of technology incidents, control failures, and nearmisses to inform risk assessments, corrective actions, and risk reporting.
• Ability to challenge effectively and independently, partnering with IT, risk, and business stakeholders while maintaining strong governance, documentation standards, and audit readiness
  

IT Risk and Data Services department seeks to meet our clients needs by capitalizing on the progress made in both the Risk Technology Program and the Data Analytics work and driving adoption of these capabilities across the enterprise. Important initiatives like the Modernization and Resiliency Programs count on these foundational capabilities to succeed.