Cyber Security Risk Treatment Oversight Senior Associate
The Depository Trust & Clearing Corporation (DTCC) · Texas, United States · 1 wk ago
FinanceFull-time
The Impact You Will Have
In this role, you will:
- Manage day-to-day intake, tracking, and progression of Policy Deviation (PD) and Risk Acceptance (RA) submissions through their full lifecycle.
- Perform initial completeness and quality checks on PD and RA submissions to confirm alignment with documented procedures, required artifacts, and governance standards.
- Maintain accurate status tracking for all open items, including aging, upcoming expirations, and SLA adherence.
- Support risk treatment and policy deviation governance forums through agenda coordination, materials preparation, and action item tracking.
- Document decisions, approvals, and conditions to ensure traceability, transparency, and defensible governance outcomes.
- Produce and maintain risk treatment and policy deviation metrics, including lifecycle performance, aging trends, renewals, and items approaching or exceeding tolerance thresholds.
- Support risk tolerance updates to enterprise metric repositories and validate data accuracy and consistency.
- Prepare standard and ad-hoc reporting materials for senior management, governance committees, and audit or regulatory inquiries.
- Maintain PD and RA procedures, job aids, templates, and governance documentation, including publication and upkeep in Navex or successor systems.
- Ensure documentation, evidence, and decision records meet internal audit, regulatory, and examination standards.
- Act as an operational point of contact for first line teams submitting PD and RA requests, providing guidance on process expectations, timelines, and documentation requirements.
- Partner with Cyber Security Risk Office stakeholders to ensure consistent application of risk treatment standards and governance practices.
- Identify recurring issues, thematic trends, or control gaps emerging from PD and RA activity and escalate insights to program leadership for credible challenge and prioritization.
- Support program initiatives such as tooling enhancements, lifecycle standardization, and reporting enablement.
Qualifications
- Bachelor's degree preferred or equivalent experience.
- Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.
- Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
- Experience with GRC tools, data visualization tools, and data warehouse (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).
Benefits
- Competitive compensation, including base pay and annual incentive.
- Comprehensive health and life insurance and well-being benefits, based on location.
- Pension / Retirement benefits.
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- A flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
Pay
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
Schedule
DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).