Cyber Security Risk Governance Senior Associate

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

* Competitive compensation, including base pay and annual incentive

* Comprehensive health and life insurance and well-being benefits, based on location

* Pension / Retirement benefits

* Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

* DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

Cyber Security Risk Office (CSRO) is responsible for setting strategic directions in the areas of cybersecurity. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the Cyber Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity.

The Cyber Security Risk Governance Senior Associate role supports the execution and coordination of the enterprise cybersecurity risk framework, including governance processes, policy and standards management, risk taxonomy maintenance, and reporting activities. The individual helps ensure second-line governance practices are consistent, well-documented, and aligned to regulatory, audit, and enterprise risk management expectations.

Your

Primary Responsibilities:

* Support the maintenance and alignment of cyber risk governance frameworks to enterprise and industry models (e.g., CRI, DTCC Corporate Risk Management Policy), including documenting governance processes for risk oversight, aggregation, and reporting.

* Support the mapping of policies to control standards, cyber risks, and KRIs to help maintain traceability across governance, reporting, and risk treatment activities.

* Assist in the development, maintenance, and periodic refresh of Cyber Security Risk Appetite and Risk Tolerance materials, including support for metric updates, documentation, and review coordination.

* Support the development, maintenance, and publication of cybersecurity policies and control standards within Smart Suite or other designated governance platforms.

* Maintain cyber risk taxonomy, top risk, and enterprise risk classification documentation, including support for updates, change tracking, and version control.

* Support top cyber risk identification and prioritization activities by coordinating inputs, maintaining supporting documentation, and preparing materials for annual assessments and review discussions.

* Coordinate credible challenge activities for top cyber risks by organizing stakeholder feedback, documenting outcomes, and tracking follow-up actions.

* Support Cyber Risk Institute (CRI) maturity and controls assessments through evidence gathering, coordination with stakeholders, and tracking of assessment outputs.

* Prepare and maintain governance committee reporting templates, recurring materials, and status updates to support consistent and comparable cyber risk reporting.

* Support the development of reporting content for senior management and governance forums, including cyber risk posture summaries, trends, and emerging themes.

* Coordinate with CSRO, GCRO, ORM, IT, and other stakeholders to help ensure consistent interpretation and application of cyber risk governance standards.

* Support alignment to applicable regulatory and industry cyber risk management expectations (e.g., NIST…