Technology Risk Management - Control Officer; VP
Listed on 2026-07-10
-
IT/Tech
IT Support, IT Business Analyst, Cybersecurity
Job Summary
Technology Risk Management Control Officer will serve as a Technology Risk SME aligned to specific operational unit and will be responsible for supporting development, implementation, and ongoing management of a First Line of Defense (FLOD) program related to assigned operational unit and enforcing policies & procedures developed to ensure compliance with regulatory obligations. The Control Officer will engage with various groups to help develop the assigned unit-specific project plan and drive the execution of the plan in line with established deadlines, and will interact with Compliance, Legal, Risk, and all other corporate groups supporting the execution of the program.
Additionally, there will be defined elements of the policies and procedures that will become the responsibilities of the Control Officer upon achieving a business as usual environment.
- Assessment of processes, risks, and control of environment.
- Issue Management lifecycle reporting
- Specific BAU responsibilities will include working collaboratively with the businesses as a BURM team representative to execute the following:
- Issue Identification:
- Partner with business to proactively identify MSIs and appropriately document SLoD and TLoD identified issues, using the appropriate templates and coordinating with impacted stakeholders to document accurate root causes and seek required approvals for issues to be submitted through issue intake and pass tollgate for issue documentation in Open Pages.
- MAP development:
- Work with other BURM teams and BURCO validation teams to challenge any potential issues and participate in issue identification and development once they are recognized and agreed as issues
- Review, challenge, and participate in issues’ MAP development to ensure MAPs can address the control deficiencies and symptoms pointed out in the issue, including building out a sustainable and repeatable process
- Issue validation:
- Perform first line validation of issues including MSIs, SLoD, TLoD, and regulatory issues
- Review, challenge, and participate in issue lifecycle validation with BURMs’ teams to ensure issue packages are completed properly prior to being presented at tollgates (review and challenge) meetings
- Reporting and QA support:
- Support management to generate various metrics/ reports for senior management and board level committees
- Maintain standard IM templates
- Provide QA and reports on Open Pages issues
- Stakeholder engagement:
- Engaged with Operations & Technology key stakeholders, management, BURMs, SLoD, and TLoD to ensure risks are understood across all LoDs and risk treatment is properly identified and remediated
- Manage issues tollgate process:
- Review issue intake submissions for tollgates (review and challenge), provide feedback on issue packages (new issues, MAPs, closures packages, risk acceptances), ensure requirements are met, and that follow-ups are acted on and completed
- Additional non-project responsibilities will include working collaboratively with the business units and their risk teams to execute the following:
- Support management to generate various metrics reports for senior management and board level committees
- Maintain standard issues management (IM) templates
- Provide quality assurance (QA) and reports on Open Pages issues
- Engage with key stakeholders, management, BURMs, SLoD, and TLoD to ensure risks are understood across all lines of defense (LoD) and risk treatment is properly identified
- Experience with key risks associated with Application Development (System Development Lifecycle) Dev/Sec/Ops, deployment pipeline, and cloud architecture.
- Demonstrated experience in ITIL Foundation
- Demonstrated experience with Risk and Control design and assessments.
- 2-4 years’ experience in Application Development (SDLC), risk & control or audit function
- Experience with risk metrics definition and reporting/scorecard development utilizing key risk metrics tools preferred
- Experience with key risks associated with Application Development (SDLC) Dev/Sec/Ops, deployment pipeline, and cloud architecture.
- Skilled experience with performing, defining, refining and documenting processes necessary to produce…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).