Technology Risk Engineer - Vendor Risk Management
Listed on 2026-06-18
IT/Tech
Cybersecurity, Information Security, Data Security, IT Consultant
Job Description
A large investment banking client is looking for a Tech Risk Engineer to join their Transaction Banking team. This Tech Risk Engineer is a hands‑on technical role responsible for assessing technology and cybersecurity risks posed by third‑party vendors, designing risk treatment plans, and driving remediation in partnership with vendors and internal stakeholders. This role bridges deep technical expertise with risk governance, ensuring vendor‑introduced risks are identified, quantified, and resolved in alignment with the organization’s risk appetite.
Responsibilities
Perform in‑depth technical risk assessments of vendors across cybersecurity, cloud architecture, data protection, application security, infrastructure resilience, and operational technology. Review SOC 1/SOC 2 Type II reports, ISO 27001 certifications, penetration test results, SBOMs, threat models, and architecture diagrams. Conduct technical deep‑dives on vendor environments, including API security, encryption standards, IAM configurations, network segmentation, and secure SDLC practices. Evaluate vendors against frameworks such as NIST CSF 2.0, NIST SP 800-161, ISO 27001/27036, CIS Controls, PCI‑DSS, and Cloud Security Alliance CCM.
Develop risk treatment plans (accept, mitigate, transfer, avoid) tailored to each finding’s severity, likelihood, and business impact. Define compensating controls, technical safeguards, and contractual provisions to reduce residual risk.
Partner directly with vendor security teams, engineers, and account managers to drive remediation of identified risks. Collaborate with internal Info Sec, Cloud Engineering, Application Security, and Business Owners to implement treatment plans. Facilitate technical workshops and remediation reviews with vendors to validate fixes and closure evidence. Track remediation progress, manage exceptions, and ensure timely closure within SLAs. Document key processes, transaction flow and controls across the business for internal and external use.
Assist in fact‑finding, data analysis, and supporting documentation collation in response to findings.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal‑opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.
If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to To learn more about how we collect, keep, and process your private information, please review Insight Global’s Workforce Privacy Policy:
- 3–5 years of experience in information security, technology governance, operational risk, technology or cybersecurity audit, regulatory compliance, or third‑party risk management.
- B.S. or higher in Computer Science, Cybersecurity, or Information Security.
- Experience in financial services or fintech.
- Strong understanding of technology implications of regulations.
- Ability to understand internal and external processes and their integration in order to assess risks and identify controls.
- Experience conducting audits (SOX, SOC 1, SOC 2, ISO 27001, etc.) or control assessments.
- Experience with vendor management.
- Experience communicating with high‑level global stakeholders on reporting.
- Strong documentation skills and ability to create standard operating procedures.