Local Embedded Risk Manager with CISSP/CISM/CRISC, Cyber Security Risk

Department Description: Enterprise Product & Platform Engineering Enterprise Production Assurance IT Resiliency & Data Center

Position Summary:

The Embedded Risk Manager (ERM) is responsible for assisting stakeholders with the identification and timely remediation of risk. She/he is a top-level contributor that acts independently with minimal direction. The ERM's ability to form strong relationships and communicate with a breadth and variety of management resources is critical. Attention to detail and strong time management skills are also required.

Specific Responsibilities : Follow the company's processes and methodologies for risk management Learn to effectively use the tools required for risk management at company such as the Policy and Document Management System (PDMS), Archer, and MetricStream

Comply with existing risk and control commitments and requirements • Liaison between and across the cost centers composing Enterprise Production Assurance (EPA) and IT Resiliency and Data Center (ITR&DC) and the following control functions: • Internal Audit Department • Technical Risk Management • Operational Risk Management • Regulators / Regulatory Relations • IT Risk Community of Excellence • Management Control Testing • Drive successful and timely completion of commitments and requirements • Issues and Actions • TRM network and app pen test findings, FOSS findings • Risk acceptances and policy deviations • PDMS Policy and Procedures document reviews • Additional artifacts as identified • Assist with articulating issues and remediation plans, drive timely submissions to control functions • Assist EPA and ITR&DC teams in tracking audit deliverables and facilitating management's timely response to requests • Track audit actions against defined delivery dates and assist with development of retarget plans as necessary

Protect stakeholders by identifying control adherence/design effectiveness gaps as first line of defense • Conduct proactive Control Environment Reviews (CER) to identify Management Self-Identified Issues (MSIs), policy deviations and risk acceptances to mitigate future control function findings • Update Process, Risk & Control (PRC) framework proactively • Review Key Performance Indicator (KPI) maker/checker compliance • Work closely with management and stakeholders to accurately report status of audit, compliance, and regulatory actions • Collaborate effectively with the Risk Management Center of Excellence to drive the teams' timely response to TRM, ORM, external Audits, and regulatory requests

Enable strategic improvement of IT control environment • Provide guidance and become central point of contact between stakeholders and control functions • Integrate risk management into each team's continuous improvement processes, roadmaps, and strategies • Drive/facilitate the DTCC Risk Mindset and Risk and Control continuous improvement

Knowledge and Skills Required: • Proven knowledge of technical infrastructure, networks, databases and systems and how they affect an organization's cybersecurity risk • Proven knowledge of security methodologies, policies, standards and best practices • Proven knowledge of information technology systems, infrastructure and operations • Ability to explain and articulate technical concepts using both technical and non-technical language • Critical thinking and analytical skills • Excellent presentation skills (MS PowerPoint) • Ability to manipulate data in a spreadsheet (MS Excel) • Ability to work collaboratively by building consensus and influencing decision making to foster forward progress with projects and initiatives • Strong oral and written communication skills • Excellent organizational skills, coupled with ability to be versatile and flexible • Sound business judgment and the ability to work successfully with all levels of management • Excellent grammar and style skills; ability to adapt writing style for different audiences and media

Education, Training and Certification:

Bachelor's degree preferred

CISSP/CISM/CRISC certification preferred