Job Description

The Impact you will have in this role:

Being a member of IT FinSight Delivery team, An IT ERM Associate Director has primary responsibility of supporting and conducting targeted IT risk assessments as well as the analysis and remediation of risk items including policy deviations, risk acceptances, issues and actions.

The incumbent will execute and support day-to-day IT risk management activities (such as risk and controls assessments), manage deadlines and stakeholder expectations, and lead or participate in projects within assigned areas of responsibility.

In carrying these responsibilities, the incumbent must work collaboratively with the IT Risk Management team (including Management Control Testing and Center of Excellence functions), other risk & control functions (e.g., Internal Audit, Technology Risk Management), as well as with IT line management (1st line).

Your Primary Responsibilities:

DTCC's Information Technology (IT) Risk Management program is designed to identify, manage, measure and mitigate risks in all IT Capabilities.

• Maintaining and enhancing IT risk management framework. The framework is comprised of tools and processes to help DTCC:
• Identify new risks, changes in risk, or relationships between risks
• Monitor and escalate key matters of risk and control.
• Support IT management in maintaining a complete and accurate Process, Risk, and Control library
• Formulating, disseminating and administering IT risk management policy and procedures;
• Providing risk and control consultation and evaluations of control effectiveness to support/ evidence management awareness of the effectiveness of the control environment (i.e., assist management in issue self-identification)
• Liaising with Technology Risk, Information Security, Technology Centers of Excellence and with other subject matter experts within the organization to ensure that risks and appropriate mitigants are identified and communicated throughout the organization.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:

• Minimum of 8 years of related experience
• Bachelor's degree preferred and/or equivalent experience

Talents Needed for Success:

• 8+ years of experience in risk management/ analysis and/or technical auditing/ examination
• Demonstrated experience leading and executing IT Risk and Control Self-Assessments (RCSAs), including risk identification, inherent and residual risk assessment, control design evaluation, and challenge of risk ratings.
• Strong experience producing IT quarterly risk reporting for senior management, including aggregation of risk themes, trend analysis, key risk indicators (KRIs), and concise executive-level commentary.
• Proven ability to define, analyze, and interpret IT risk metrics, with solid quantitative and analytical skills to assess control effectiveness, risk trends, and out-of-tolerance conditions.
• Deep understanding of core IT processes and technologies (e.g., application development, infrastructure, cloud, cybersecurity, resiliency, change management) and how process failures translate into operational and regulatory risk.
• Experience designing and executing risk assessments across complex IT environments, including scoping, evidence evaluation, stakeholder interviews, and synthesis of findings into actionable risk insights.
• Strong business acumen, with the ability to understand supported business areas, critical services, and client impacts, and to align IT risk assessments to business priorities and outcomes.
• Hands-on experience analyzing IT asset inventories (applications, infrastructure, platforms, data assets) and extrapolating risk findings across portfolios, capabilities, and business lines to identify systemic issues.
• Demonstrated expertise in incident analysis and root cause analysis, including evaluation of technology incidents, control failures, and near-misses to inform risk assessments, corrective actions, and risk reporting.
• Ability to challenge effectively and independently, partnering with IT, risk, and business stakeholders while maintaining strong governance, documentation standards, and audit readiness.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

About the Team

The IT SIFMU Delivery Department supports core Clearing and Settlement application delivery for DTC, NSCC and FICC. The department also develops and supports Asset Services, Wealth Management & Insurance Services and Master Reference Data applications.