Job
Description
As a Tech Risk & Controls Associate in Cybersecurity & Tech Controls team, you will be a part of a team that supports the implementation of risk mitigation strategies, controls and action plans for the firm. Working closely with the technology risk teams and cross-functional partners, you contribute your skills and insights to the continuous improvement of risk management methods. As a valued member of the team, you will have the opportunity to learn and grow in a dynamic and fast-paced environment, making a tangible impact on technology risk and controls at the firm. We are seeking a Regulatory and Industry Risk Assessor with a background in audit, regulatory and industry risk assessments, and threat modeling to join our growing Technology Risk and Controls organization. This role will serve as the assessor, supporting the firm s continuous compliance with key regulatory frameworks, including SOX, PCI, Swift, HKMA CRAF, and other industry standards. Job responsibilities Facilitate the execution of assessments to ensure they align with organizational goals, risk tolerance, and regulatory standards. Govern and track issues from assessments, ensuring timely resolution and closure of control deficiencies. Monitor technology risks to ensure adherence to company standards, regulatory mandates, and industry best practices. Collaborate with cross-functional teams to implement effective controls. Analyze complex scenarios, advise on risk management strategies, and support risk mitigation efforts. Develop threat modeling processes to identify and prioritize potential threats to the organizations technology infrastructure. Work with stakeholders to integrate threat modeling into the risk management framework, ensuring alignment with governance and compliance goals. Required qualifications, capabilities, and skills Formal training or certification on Tech Risk & Controls concepts and 2+ years applied experience Experience in identifying, assessing, and evaluating risk controls, with a solid grasp of industry standards. Proven capability to analyze intricate issues, devise and execute risk mitigation strategies, and communicate efficiently with senior stakeholders. Well-versed in risk management frameworks, regulations, and industry best practices. Experienced in threat modeling, with the ability to identify and evaluate potential threats and incorporate threat modeling into risk management processes. Preferred qualifications, capabilities, and skills CISM, CRISC, CISSP, or similar industry-recognized risk and risk certifications are preferred. Familiar with threat modeling tools and methodologies, such as STRIDE, DREAD, or PASTA, is a plus.
