As the Risk & Compliance Platform Manager for the firm, your primary responsibilities will be to develop, optimize, and oversee the technologies used to manage our risks, including designing and enhancing our GRC platform’s technical roadmap, and designing technologies that aid our Data Privacy Officer’s mandate. The role reports to the VP of Compliance & Privacy as your business leader in various risk management strategies for the firm overall. You proactively engage stakeholders to understand internal and external needs, fulfilling requirements with a focus on enabling technologies that measure our internal compliance, privacy, and cyber reporting. This includes evolving and enhancing our GRC technologies, and rationally communicating our risk technology and implementation priorities.

• Evolve our compliance controls and create key performance indicators for the success of our governance
• Develop solutions to improve new and existing GRC systems and processes
• Design and implement effective processes that facilitate real-time visibility and enable more efficient engagement with audit partners
• Maintain technical and business skills and knowledge of market trends and competitive insights; collaborate and share with the risk owners across the business
• Be an evangelist with stakeholders, partners, and project teams to ensure privacy by design and automated compliance are embedded in our new initiatives

Experience

• 10+ years of success in IT architecture and cybersecurity.
• Experience with implementation and management of various Governance, Risk, and Compliance systems and their ongoing enhancement
• Experience successfully converting policies and compliance controls into automated monitoring via GRC platforms to adhere to leading standards such as PCI, HIPAA, HITRUST, NIST 800-53, and SSAE18
• Experience working across functions that may include cyber risk, BCP, audit, credit risk, legal, and other business lines that are reliant on your platforms

Relationship Building

• Proven track record of building deep relationships with senior stakeholders
• Experience in managing IT relationships to get consensus on solutions risk-oriented lines of business
• Ability to engage, influence and lead in a positive inspiring manner with strong empathy for the front-line of the business
• Excellent technical decision making and the ability to serve as the subject matter expert and master architect for risk platforms, partnering with your IT colleagues to create enterprise solutions

Collaboration, Mentoring, and Communication

• Acknowledged for driving decisions collaboratively, resolving conflicts and ensuring follow through with exceptional verbal and written communication skills
• Ability to orchestrate, lead, and influence virtual teams, ensuring successful maturation of processes and controls
• Presentation skills with a high degree of comfort with both large and small audiences (Senior Executives, IT management, Credit, Legal, Cyber, Facilities)

Technical

Enterprise-wide skills deploying unified compliance framework tools, GRC platforms, and implementing the right tools to holistically manage an integrated risk management approach for a risk-averse enterprise.

Subject matter expertise in one or more of the following:

• IT systems that address Third party risk management, screening for sanctions, Know your customer (KYC), Politically exposed person (PEP), and other important considerations
• Internal risk assessments with recommendations for reduction of risks through technology investment
• Strong familiarity with the various US States Privacy Laws, such as CCPA, and those of GDPR in Europe and how those standards will influence IT designs
• Experience deploying and maintaining a leading GRC platform such as Diligent, Audit Board, Archer, Workiva, or others
• Experience with data protection techniques and tools

Education

• Minimum 10 plus years IT experience focused on cyber, BCP, compliance technologies
• Minimum 3 plus years of exposure to privacy related tools to adhere to i CCPA or GDPR regulated business
• Undergraduate degree.
• Relevant certifications in compliance, risk management, privacy, or cybersecurity are preferred that may include CISSP, ISSAP, ISSMP, CRISC, CISA, or CISM