Technology Risk Metrics & Reporting- Associate Director

---

Job description

Are you ready to explore a world of possibilities?
Join our DTCC family, and you'll grow your expertise and become the best version of you. As you embark on a new journey, you'll tackle challenges with flexibility and grace, learning new skills and advancing your career while having the time of your life.
Why You'll Love This Job:
The Operational Technology Risk (OTR)Metrics Team is responsible for defining and implementing metrics and reports that communicate the DTCC technology / cybersecurity risk posture which are relied upon by some of the highest levels of management in the organization for decision making including Management and Board level committees.
This incumbent is responsible to communicate and summarize sophisticated technical concepts and related risk analysis results to business and technology leaders. Risk analysis and reporting includes both qualitative and quantitative cybersecurity performance and efficiency measurements through metrics. The role will partner with stakeholders across the organization to support reporting of key technology risk management related governance, risk and compliance activities.
In addition to possessing core security and technology / risk knowledge the candidate must be highly organized with project management experience. Strong verbal and written communication skills are required, and the candidate should be comfortable in addressing and interacting with senior management. Being flexible and be able to run multiple deliveries within rigid target delivery dates are fundamental skills required for a candidate to be successful in this role.
Primary Responsibilities

Implement and improve the Technology RiskMetrics & Reporting program framework and underlying processes.
Ensure Program documentation is maintained up to date.
Lead standard operational metric and reporting activities including:
Oversight and hands on responsibilityof production reporting processes and delivery (from monthly planning to execution and status updates)
Maintenance of metric and report inventories
Management of new metrics and reporting in development and providing updates on status
Oversight and hands on responsibility of operational reporting tools and automation execution
Product Manager for report automation project initial implementation and improvements
Identification and development of new metrics and the improvement of existing metrics to improve DTCC information and cybersecurity risk reporting.
Creation new reports to improve communication of risks to management
Collaborate with IT, business, OTR and other key partners to identify, develop and implement cybersecurity risk metrics that provide a holistic view of technology risks for the DTCC business units
Perform analysis on risk and metric information to identify performance trends; Define and agree risk thresholds with business, IT and TRM partners
Actively coordinate and communicate metric and reporting activities and tasks to key partners in both business areas and IT; Identify and collaborate with partners for improvement of risk metrics
Review risk metric results and provide input to information security reporting and dashboards.
Develop new regulatory reporting required for new and existing regulatory requirements
Drive the metrics program to a higher level of maturity
Lead the execution of audit related metrics and reporting requirements
Delivery of Cybersecurity Operational Risk : Annual Report, Quarterly Risk Dashboard Report and other related reporting
Completion of Metric and Reporting Annual reviews

**NOTE: Responsibilities of this role are not limited to the details above. **
Talents Needed For Success:

7+ years industry experience in information / cyber security or information risk management
Bachelor's degree required.
CISSP/CRISC/GCCC certification or similar preferred
Project /Product management experience
Financial Services Industry experience a plus but not required

Additional Qualifications

Experience in the development of metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
Experience in cybersecurity governance, policy and risk management
Experience in developing risk profiles and conducting cybersecurity and technology assessments
Ability to explain and articulate technical concepts using non-technical language
Knowledge of security methodologies, policies, standards and best practices preferred
Knowledge of information technology systems, infrastructure and operations preferred
Proficient with Microsoft Word, Excel, and PowerPoint
Work closely by building consensus and influencing decision making to foster forward progress with projects and initiatives
Excellent organizational skills, coupled with ability to be versatile and flexible
Sound business judgment and the ability to work efficiently
Excellent grammar and style skills; ability to adapt writing style for different audiences and media

We offer top class training and development for you to be an asset in our organization!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.