Director, IT Risk Management

Posted:
8/7/2024, 5:00:00 PM

Location(s):
Massachusetts, United States ⋅ Boston, Massachusetts, United States

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

Job Overview

We are seeking a highly skilled and technically savvy Director of IT Risk to join our team. This individual will play a crucial role in managing and maturing our information technology risk assessment processes, focusing on cloud, on-premise, and vendor applications and systems. The candidate will be responsible for ensuring the effectiveness of our IT controls, maintaining the risk register, managing exceptions to IT policies, and contributing to our DevSecOps initiatives from a risk perspective. The ideal candidate will have strong expertise in SOC1 and SOC2 assessments, a solid understanding of AWS cloud security, and an interest in leveraging AI and Gen AI technologies to enhance risk management decision making and process automation.

Responsibilities:

  • Implement policies related to IT risk management and manage the policy exception process

  • Conduct Business Impact Analysis across Arrowstreet’s business systems and establish criticality across all systems for prioritization of IT risk management efforts

  • Work closely with the Cyber security team to ensure completeness and effectiveness of our IT controls to identify, respond to, and remediate threats

  • Oversee third-party IT risk assessment and collaborate with business leaders to discuss and address identified weaknesses

  • Manage and mature the incident management process to cover incident review and root cause analysis, and oversee implementation of mitigating controls

  • Maintain Risk Register for visibility, transparency, and prioritization of IT Risks 

  • Create, develop, and maintain operational risk documentation

  • Play an active role in responding to Client diligence questionnaires

  • Evolve the existing IT risk assessment process to succinctly frame emerging threats and risks

  • Research and develop data-driven assessment practices that will facilitate deeper risk conversations and surface insights in support of strategic decision-making

Qualifications:

  • Minimum 10 years of experience in Information Technology, Information Security or IT Risk Management

  • Passion and expertise in technology and cybersecurity domains

  • Excellent understanding of IT Controls and Risk Assessment methodologies including SOC1 and SOC2

  • Certifications such as CISSP, CISM, CRISC, and AWS Certified Security

  • Experience implementing controls aligned to industry standard frameworks (NIST, ISO 27001)

  • Ability to collaborate effectively with colleagues, stakeholders, and leaders across multiple departments to get consensus, socialize strategy, and achieve objectives

  • Exceptional communication skills and the ability to build strong relationships as well as credibility

  • Ability to manage and drive multiple parallel initiatives forward while maintaining superior results

  • Strong analytical, problem-solving, and decision-making skills

Technical Plus:

  • Hands-on experience with AWS and cloud security practices

  • Software development or infrastructure implementation experience

  • Familiarity with optimizing processes via automation and AI/Gen AI implementations

We maintain a friendly, team-oriented environment and place a high value on professionalism, attitude and initiative.