Tech Risk and Controls Lead
Job Description Join the GRC Frameworks and Taxonomy Team Role Overview Join our GRC Frameworks and Taxonomy Team as Vice President, Tech Risk & Controls Transformation Lead. In this senior role, you will be instrumental in defining, cultivating, and embedding “what good looks like” for technology risk and controls across the organization. You will set and uphold the big rules and standards for risk management, leveraging your extensive experience and exposure to best practices to guide the uplift and transformation of controls. This role requires deep expertise in designing frameworks, engaging diverse stakeholders, and driving continuous improvement in risk management practices. Key Responsibilities
- Define and Cultivate Best Practices: Establish and promote a clear vision of “what good looks like” for technology risk and controls, setting the big rules and standards that guide the organization’s approach.
- Frameworks and Taxonomy Leadership: Design, implement, and continuously enhance risk management frameworks and taxonomies, ensuring clarity, consistency, and alignment with regulatory, legal, and industry standards (e.g., NIST, ISO 27000, COBIT).
- Controls Uplift & Transformation: Lead and execute cross-functional initiatives to uplift and transform technology controls, ensuring they are robust, effective, and future-ready.
- Stakeholder Engagement: Partner with product, engineering, business, and control teams to embed best practices, facilitate collaboration, and drive adoption of frameworks and standards.
- Governance and Reporting: Oversee governance, reporting, and issue management for controls and frameworks, providing senior management with actionable insights into risk posture and control effectiveness.
- Continuous Improvement: Foster a culture of operational excellence and innovation, driving ongoing enhancement of risk management practices and frameworks.
- Communication and Influence: Effectively communicate the vision, standards, and program status to senior stakeholders, translating technical concepts into business impacts and ensuring buy-in across all levels.
- 10+ years of experience in technology risk management, cybersecurity, technical program management, or technology controls roles.
- Demonstrated experience in defining, recognizing, and cultivating “what good looks like” in risk and controls, with exposure to industry-leading practices and standards.
- Proven ability to design, implement, and operate risk management frameworks and taxonomies.
- Proficiency in regulatory, legal, and industry standards (e.g., NIST, ISO 27000, COBIT).
- Strong stakeholder management skills, with experience engaging product, engineering, and business teams.
- Excellent verbal and written communication skills, able to convey complex risk information and standards to diverse audiences.
- Strong analytical and problem-solving skills, with a track record of driving root cause analysis and effective solutions.
- Formal training or certification in Tech Risk & Controls (e.g., CISM, CRISC, CISSP) is preferred.