Technology & Data Risk Controls Director

Technology & Data Risk Controls Director

The Technology & Data Risk Controls Director is a recognized subject matter expert responsible for shaping the enterprise‑wide strategy, standards, and evolution of the technology and data control environment. This role applies deep expertise across regulatory, operational, and technology risk disciplines to define forward‑looking control frameworks that align with corporate objectives and enable secure, scalable innovation. Leads the development of enterprise control principles, methodologies, and practices, ensuring alignment with ICFR, SOC 1/SOC 2, regulatory, and emerging risk expectations.

Acts as a trusted advisor to senior leadership, influencing technology strategy, architecture decisions, and transformation initiatives to embed risk and control considerations at the foundation. Accountable for driving outcomes that materially impact the effectiveness of the organization’s control environment. Champions innovation in control design, automation, and continuous monitoring, leveraging advanced analytics, AI‑enabled capabilities, and evolving industry standards. Serves as a key enterprise liaison with Internal Audit, External Audit, and Second Line functions, representing the organization on complex, high‑impact control matters.

• Translates ICFR, SOC 1, regulatory, and operational risk requirements into practical guidance for technology and data control owners.
• Leads the development of forward‑looking control frameworks and methodologies that address emerging risks in cloud, data, AI, and digital transformation environments.
• Provides thought leadership on the integration of control design into enterprise architecture, delivery models, and innovation strategies.
• Leads Technology & Data Risk Control Self?
  
  Assessments (RCSAs), ensuring credible, consistent evaluation of control design and operating effectiveness.
• Establishes and maintains enterprise control standards, policies, playbooks, and governance models to ensure consistency, scalability, and effectiveness across all technology and data domains.
• Ensures alignment of the control environment with regulatory expectations, industry frameworks (NIST, ISO, COBIT), and leading practices.
• Leads resolution of highly complex and ambiguous control challenges, including those involving emerging technologies, cross‑functional dependencies, and evolving regulatory landscapes.
• Applies conceptual and strategic thinking to evaluate intangible risks, interdependencies, and long‑term implications of technology and data initiatives.
• Drives root cause analysis and systemic remediation strategies for significant control failures or operational incidents.
• Serves as a trusted advisor to senior executives and technology leaders, influencing decisions on strategy, architecture, and large‑scale transformation initiatives.
• Creates and leads formal networks across Technology, Risk, Compliance, and Audit functions to align priorities and coordinate enterprise control initiatives.
• Represents the organization in complex audit, regulatory, and external engagements, providing authoritative expertise on technology and data controls.
• Leads the enterprise roadmap for control automation and continuous monitoring, driving innovation in evidence generation, control testing, and reporting.
• Leverages analytics, AI‑enabled tools, and advanced technologies to enhance risk sensing, improve control effectiveness, and reduce operational burden.
• Champions adoption of "control‑by‑design" principles across product development, system implementation, and process transformation efforts.
• Accountable for the effectiveness, scalability, and maturity of the technology and data control environment across the organization.
• Drives measurable improvements in control reliability, audit outcomes, and operational risk reduction.
• Oversees and guides the resolution of enterprise‑level control issues, ensuring timely and sustainable remediation.
• Provides strategic oversight of technology and data resilience frameworks, including business continuity and disaster recovery alignment with enterprise objectives.
• Ensures integration of control considerations into…