Director, Enterprise Risk (Technology Risk)

Posted 22 August 2023
Salary: US$150,000.00 - US$170,000.00 per annum
Location: New York
Job type: Permanent
Discipline: Risk
Contact Name: Shaun Littler

Job description

Broadgate are working with a payments firm in NYC to help them recruit a Director, Enterprise Risk to join their growing organization.

This role will have responsibilities across all aspects of the enterprise-wide risk management program, with a particular emphasis on Technology Risk Management. The position is both strategic and tactical: the candidate will lead engagement with functional units to evolve the organization's ERM and Technology Risk Framework, and will establish, communicate, and execute the risk management methodology, processes, risk appetite and risk culture.

This role will support leadership in identifying and managing risks during a period of rapid organizational and technological change, and industry advancement. Areas of technology focus will include the advancement of the Company's usage of Cloud Computing, migration from legacy technology, and adoption of Agile software delivery methodologies. The role will ensure that the company appropriately prioritizes, manages and monitors risk by collaborating with several departments and defining risk ownership. A successful candidate will contribute to the Technology Risk Management program by executing technology risk assessments, developing reporting, and progressing the ERM framework by enhancing information technology risk processes, controls, methodologies, guidelines, procedures, and practices.

Key Responsibilities:

  • The Director ERM is a critical member of the Risk Office and is responsible for contributing to the design, development, implementation, and execution of the ERM Technology Risk Framework in order to effectively identify, measure, monitor, and control enterprise-wide technology risks.
  • Plan and conduct technology risk assessments across The Clearing House's suite of products and technology domains. Socialize findings resulting from risk assessments with relevant stakeholders and assist with the remediation of those findings.
  • Identify specific IT risk observations and work with affected parties to classify and address risk issues.
  • Act as the IT risk management liaison between various business organizations and risk functions while dealing with IT risk matters.
  • Identify, understand, and assess Information and Technology risks associated with operational processes.
  • Apply sound judgment in evaluating risks and controls. Effectively challenge IT leads on the identification and acceptance of risks and the adequacy of controls.
  • Perform risk assessments to identify current and emerging key risks (operational, technology, etc.).
  • As the second line of defense, provide thought leadership and constructive challenge to the first line of defense for risk-related matters.
  • Build, maintain and enhance business relations with department and business heads for the smooth implementation of risk management activities across the organization.
  • Contribute to the evolution of the ERM Framework, including driving consistency in measurement and methodology across risk management tools, and build out and maintenance of Key Risk Indicators.
  • Ensure that the organization's risk profile, as it relates to its activities and dependencies, is in alignment with the Business Strategy and Risk Appetite.
  • Monitor and analyze risks within the company's business units and report on these risks to the internal and external risk committees, supervisors and other applicable internal stakeholders.
  • Act as business subject matter expert for the design and implementation of strategic changes to the GRC platform.
  • Help drive the ERM team in identifying, assessing, monitoring, communicating and reporting risk profiles and matters to the applicable stakeholders.
  • Manage and develop junior team members and manage consultants as applicable.
  • Work successfully in a collaborative and team-oriented environment that encourages diversity of thought and open debate of ideas; must possess sound judgment and the ability to operate in a respectful manner.

Qualifications:

  • Bachelor's degree in finance, business or a technology-related field.
  • At least 6-8 years of risk management experience serving as a subject matter expert in Technology Risk Management.
  • Proven experience in working with or contributing to the development of an ERM or Technology Risk framework in a dynamic and complex organization.
  • Applied knowledge of Information Technology operational business processes and industry best practices, including areas such as IAM, SDLC, Agile, Computer Operations, Security and Vulnerability Management.
  • Knowledge of Information Technology Systems, Networks and Cloud Computing, e.g. experience with AWS, Microsoft 365, or Azure.
  • Applied experience with IT governance and controls, including governance and control frameworks, such as NIST, COBIT, ITIL, FFIEC, COSO or equivalents.
  • Knowledge of IT risk, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis.
  • Experience with new technology trends relating to enterprise-level cloud-based development, deployment, and assessment, including PaaS, IaaS, and SaaS.
  • Technical certifications such as CISA, CRISC, CGEIT, CCSP, CCSK, SANS SEC545, CISSP, GIAC, CISM, or equivalents are preferred.
  • Risk management related certifications such as ISO 31000 are preferred.
  • Experience in Payments and/or Banking related fields, including Payments or Banking Technology.
  • RSA Archer or other GRC experience.

For more information, or to set up a call, please apply via the link, or email