
Technology Risk and Governance

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: Arrowstreet Capital, Limited Partnership
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 110000 - 315000 USD Yearly
Job Description & How to Apply Below

Job Overview

The position reports to the Chief Information Security Officer and leads the enterprise-wide technology risk and governance program. This role establishes the risk framework, policies, and governance needed to identify, assess, and mitigate risk across IT services, platforms, and third parties. Partnering with senior leadership across Technology, Cyber Security, Compliance, Legal, and business, the role translates complex technical and control issues into clear business risk narratives (operational, regulatory, reputational, and financial) and drives risk‑based prioritization of remediation.

The position owns the technology risk policy suite and associated standards and oversees the technological aspects of the third‑party risk program, including vendor onboarding due diligence and ongoing monitoring in partnership with Compliance and procurement stakeholders. This role is a key contributor to enterprise risk management, partnering with the Chief Compliance Officer and risk owners to ensure technology risks are identified, documented, reported, and addressed through effective controls, risk acceptance, and continuous improvement.

It also evaluates and implements tools and reporting to increase risk visibility and strengthen governance.

Responsibilities
  • Own the enterprise technology risk framework and governance model, aligned to the organization’s enterprise risk framework.
  • Provide advisory support for material technology decisions (new systems, products, vendors, and significant changes), translating technical and control issues into business impact.
  • Establish clear governance and reporting for senior management and committees on material IT, cyber, third‑party, and emerging technology risks, including key risk indicators and metrics.
  • Design and continuously improve technology risk assessment and control evaluation processes, including remediation tracking and governance for risk acceptance, waivers, and exceptions.
  • Lead and mature AI risk governance in partnership with IT, Security, Compliance, and the business.
  • Support enterprise data governance initiatives (classification, retention, and handling) in collaboration with Technology and business stakeholders.
  • Own the technology risk policy suite and standards, ensuring they are implemented, reviewed regularly, and supported through training and awareness.
  • Oversee technology aspects of third‑party risk, including onboarding due diligence, review of assurance (e.g., SOC reports), remediation tracking, and ongoing monitoring in partnership with Compliance and procurement stakeholders.
  • Partner with Cyber Security to ensure threat, vulnerability, patch, and incident risk governance aligns to the current threat landscape and control expectations.
  • Drive operational resilience for technology services, including business continuity planning, crisis/incident governance, root‑cause analysis, and lessons learned.
  • Support client, regulator, and internal audit engagements related to technology risk, including responses to inquiries and evidence of control design and effectiveness.
Qualifications
  • Experience leading technology risk, IT risk, cyber/operational risk, or technology governance in a regulated environment.
  • Demonstrated ability to design and implement risk frameworks and governance processes, including assessment, prioritization, remediation tracking, and risk acceptance.
  • Broad technical knowledge across enterprise IT (infrastructure, applications, identity and access management, cloud/SaaS, and data governance) and how controls mitigate risk.
  • Strong stakeholder management skills with a track record of influencing senior leaders and driving outcomes across Technology, Compliance, Legal, and Internal Audit.
  • Excellent written, verbal, and presentation skills; able to communicate complex technical risk issues clearly to executives and governance committees.
  • Experience in developing and defining enterprise risk level appetite, tolerance thresholds, and escalation criteria.
  • Ability to challenge control owners constructively and drive accountability and remediation.
Preferred
  • Familiarity with industry regulations and standards (SOX, PCI, DORA) and technical frameworks (e.g., NIST, ISO 27001) and attack frameworks (e.g., MITRE ATT&CK or similar).
  • Experience interacting directly with regulators, auditors, and board risk committees.
  • Understanding of secure software development and application security risks.

The base salary range for this position is $110,000 – $315,000 per year.

All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, ancestry, genetic information, age, pregnancy, medical condition, disability, veteran or military status, marital status or any other characteristic protected by federal, state, or local law.
