Technology Risk Manager, Vice President

Job description

About this role

The Enterprise Technology Risk & Controls team is a key part of the first line of defense and is characterized by a proactive and collaborative spirit. The team works closely with the technology, engineering and controls teams to ensure a consistent and comprehensive approach to risk management and control.

Focus of the role

The team achieves its mission through four core pillars:

• Risk Assessment & RCA's: Lead and drive the Risk Control Self-Assessment process across technology risk management within BlackRock's core technology environments.
• Risk identification and escalation: Proactively identifying and proposing risk mitigation opportunities, particularly in technology infrastructure and cyber security.
• Internal Audits & Compliance: managing internal audit support, coordinating with internal and external auditors, providing audit responses and ensuring action plans are completed.
• Prioritization & completion of risk actions: Oversee the completion of risk management action plans, including findings from internal audits, policy compliance and regulatory obligations.
• Risk Process Management: Enabling key risk processes, including the development and implementation of control testing, third party risk management and policy alignment.

Key tasks

• Risk Assessments & RCAs: Lead and drive the Risk Control Self-Assessment process across technology risk management within BlackRock's core technology environments.
• Risk identification and escalation: Proactively identifying and proposing risk mitigation opportunities, particularly in technology infrastructure and cyber security.
• Internal Audits & Compliance: managing internal audit support, coordinating with internal and external auditors, providing audit responses and ensuring action plans are completed.
• Prioritization & completion of risk actions: Oversee the completion of risk management action plans, including findings from internal audits, policy compliance and regulatory obligations.

Required skills & experience

• Interpersonal & Executive Professionalism: Strong interpersonal and communication skills; ability to build relationships; develop and influence stakeholders internally and build strong relationships of trust with senior leaders.
• Problem Solving & Critical Thinking: Proven ability to think strategically and challenge the status quo; strong root-cause analysis skills; and attention to detail.
• Technology risk expertise: understanding of technology controls, policies, particularly around security and systems management, and IT infrastructure.
• Risk Mitigation Project Management: Leading projects focused on reducing technology and operational risks, which includes planning, scheduling and executing initiatives to implement new or improved risk mitigations.
• Operational risk frameworks: knowledge of effective risk management frameworks; and knowledge of industry standards such as HITL, NIST, CoBIT; and CISM, CISA.

Reporting & transparency

Develop and deliver regular risk reports, audit results, RCSAs results; and compliance metrics that ensure clear ownership and effectiveness of controls. These reports should communicate the status of risk mitigation actions; audit findings; RCAs and results; clear ownership; and effectiveness of controls.

Certifications

CISA or CRISC certification is preferred.

Location

Edinburgh, Scotland