Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.

As an Assessments & Exercises Vice President in Cybersecurity Technology & Controls, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations (or manage a highly-skilled team that does) and inform analysis to clearly outline root-causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

Job responsibilities

• Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that encourage continuous improvement
• Assess the impact of identified technology control observations on internal controls over financial reporting, ensuring timely escalation.
• Continuously monitor technology risks to ensure adherence to firm standards, regulatory requirements, and industry-leading practices.
• Develop and execute risk mitigation strategies, ensuring technology control observations are addressed through the design and implementation of effective processes and controls.
• Partner with internal control functions, internal audit, and external audit teams to support technology controls testing, as well as quarterly and annual SOX and SOC reporting programs.
• Contribute to initiatives that strengthen the management of technology risks within business processes and SOX/SOC programs by conducting ongoing process and control assessments, ensuring governance adherence, and alignment with firm standards and policies.
• Leverage artificial intelligence and monitoring tools to proactively identify, analyze, and mitigate risks by interpreting process data insights and metrics for control effectiveness.
• Lead and execute assigned technology risk assessment activities, including annual, quarterly, and ongoing reviews, walkthroughs, and oversight of control operating effectiveness.
• Develop materials and communicate impact assessment findings, recommendations, and status updates to senior leadership, business process owners, and relevant stakeholders.
• Collaborate with cross-functional teams across business and technology to design, implement, and evaluate effective technology controls, ensuring their positive impact on business processes.

Required qualifications, capabilities, and skills

• Obtain 5+ years of experience in technology risk management, information security, or a related field, with hands-on expertise in controls testing, observation assessment, and remediation.
• Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels
• Demonstrated ability to evaluate technology risks and control observations, with a solid understanding of industry standards and leading practices.
• Strong analytical and problem-solving skills, with a track record of resolving risk issues and supporting remediation strategies.
• Familiarity with risk management frameworks, regulatory requirements, and compliance standards such as SOX, SOC 1, SOC 2, COSO, NIST, COBIT, and SEC guidance for internal controls over financial reporting.
• Proven ability to leverage IT expertise to support compliance initiatives and enhance control environments.

Preferred qualifications, capabilities, and skills

• Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other recognized credentials in risk management or information security.
• Knowledge/experience in modern programming language
• Experience with cloud platforms, including Azure, AWS, or Google Cloud.
• Excellent communication and presentation skills, with the ability to influence stakeholders at all levels and effectively convey risk-related findings to both technical and non-technical audiences.
• Strong interpersonal skills and a collaborative approach to working with cross-functional and geographically dispersed teams.
• Commitment to ongoing professional development and staying current with industry trends.