Job DescriptionThe Impact you will have in this role:
In this role, you will play a key part in executing the Credible Challenge assessment program within the Cyber Security Risk Office. Your work will directly contribute to strengthening DTCC's cyber risk governance by independently assessing First Line cyber security functions and evaluating the design and effectiveness of controls.
You will work closely with CSRO leadership, assessment leads, and First Line stakeholders to perform structured assessments, analyze evidence, identify risks and control gaps, and support clear, defensible assessment conclusions.
Your Primary Responsibilities:
- Execute Credible Challenge assessments of First Line cyber security functions, including planning, scoping, fieldwork, and documentation.
- Perform walkthroughs, interviews, and evidence reviews to assess control design and operating effectiveness.
- Evaluate alignment of First Line practices to internal policies, standards, and cyber security frameworks.
- Analyze assessment results to identify risks, control gaps, and themes.
- Draft assessment documentation and analysis summaries in accordance with Credible Challenge standards.
- Track assessment progress, issues, and action items and support timely escalation.
- Partner with Credible Challenge leads to ensure consistency and quality across assessments.
- Support continuous improvement of assessment procedures and templates.
**NOTE: The Primary Responsibilities of this role are not limited to the details above. **
Qualifications: - Bachelor's degree preferred or equivalent experience
- Minimum of 4 years of related experience in cyber security, cyber operations, cyber risk, IT audit, or technology risk
- Professional certifications such as CISSP, CISA or equivalent are a plus.
Talents Needed for Success: - Hands-on experience performing cyber security assessments or control testing.
- Strong analytical, documentation, and communication skills.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
About the TeamOur Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.
The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.