DTCC

Cyber Security Risk Governance Senior Associate

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree preferred or equivalent experience
  • Minimum of 6 years in cybersecurity risk management or related fields
  • Strong organizational, analytical, and documentation skills
  • Experience in regulated environments with risk exceptions or policy deviations preferred
  • Familiarity with GRC tools and data visualization software (e.g., Power BI, Snowflake, ServiceNow)

Responsibilities

  • Support alignment of cyber risk governance frameworks to industry models
  • Map policies to control standards and KRIs for governance traceability
  • Assist in creating and updating Cyber Security Risk Appetite and Tolerance materials
  • Maintain cybersecurity policies and control standards in governance platforms
  • Support the documentation and classification of cyber risk taxonomy
  • Coordinate inputs for top cyber risk identification and prioritization
  • Organize stakeholder feedback for credible challenge activities
  • Prepare governance committee reporting templates and status updates
  • Help align to regulatory expectations through documentation and control mapping

Benefits

  • Work in a critical team responsible for identifying and mitigating risks
  • Opportunity to influence corporate cybersecurity policies
  • Access to advanced GRC and data visualization tools
  • Collaborate across multiple departments for comprehensive risk management
  • Engagement with industry standards like NIST CSF and Cyber Risk Institute

Full Job Description

The Impact you will have in this role:

The Cyber Security Risk Office (CSRO) is responsible for setting strategic direction in the areas of cybersecurity. It maintains corporate security policies and control standards; acts as a second line of defense via a robust collection of risk and control assessments; reports to leadership and the Board on the status of the Cyber Security Programs; acts as an operational arm for monitoring threat intelligence, understanding when threats are targeted against the firm, and responding to potential incidents; and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity. The Cyber Security Risk Governance Senior Associate role supports the execution and coordination of the enterprise cybersecurity risk framework, including governance processes, policy and standards management, risk taxonomy maintenance, and reporting activities. The individual helps ensure second-line governance practices are consistent, well-documented, and aligned to regulatory, audit, and enterprise risk management expectations.

Your Primary Responsibilities:
  • Support the maintenance and alignment of cyber risk governance frameworks to enterprise and industry models (e.g., CRI, DTCC Corporate Risk Management Policy), including documenting governance processes for risk oversight, aggregation, and reporting.
  • Support the mapping of policies to control standards, cyber risks, and KRIs to help maintain traceability across governance, reporting, and risk treatment activities.
  • Assist in the development, maintenance, and periodic refresh of Cyber Security Risk Appetite and Risk Tolerance materials, including support for metric updates, documentation, and review coordination.
  • Support the development, maintenance, and publication of cybersecurity policies and control standards within SmartSuite or other designated governance platforms.
  • Maintain cyber risk taxonomy, top risk, and enterprise risk classification documentation, including support for updates, change tracking, and version control.
  • Support top cyber risk identification and prioritization activities by coordinating inputs, maintaining supporting documentation, and preparing materials for annual assessments and review discussions.
  • Coordinate credible challenge activities for top cyber risks by organizing stakeholder feedback, documenting outcomes, and tracking follow-up actions.
  • Support Cyber Risk Institute (CRI) maturity and controls assessments through evidence gathering, coordination with stakeholders, and tracking of assessment outputs.
  • Prepare and maintain governance committee reporting templates, recurring materials, and status updates to support consistent and comparable cyber risk reporting.
  • Support the development of reporting content for senior management and governance forums, including cyber risk posture summaries, trends, and emerging themes.
  • Coordinate with CSRO, GCRO, ORM, IT, and other stakeholders to help ensure consistent interpretation and application of cyber risk governance standards.
  • Support alignment to applicable regulatory and industry cyber risk management expectations (e.g., NIST CSF, CRI Profile, or equivalent) through documentation, evidence preparation, and control mapping support.
  • Partner across the Cyber Security Risk Office and first-line teams to support integrated governance, treatment, risk analytics, and reporting activities.
  • Maintain traceability and auditability of governance outputs by organizing documentation, evidence, approvals, and decision records in line with internal audit and regulatory expectations.

**NOTE: The Primary Responsibilities of this role are not limited to the details above.**

Qualifications:
  • Bachelor's degree preferred or equivalent experience.
  • Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.

Talents Needed for Success:
  • Strong organizational, analytical, and documentation skills with high attention to detail.
  • Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
  • Experience with GRC tools, data visualization tools, and data warehouses (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

About the Team

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.

About DTCC

The Depository Trust & Clearing Corporation (DTCC) is a financial services company that provides clearing, settlement, and information services for the global financial industry. DTCC was founded in 1999 and is headquartered in New York City. The company operates through subsidiaries that provide services such as trade matching, risk management, and asset servicing. DTCC is owned by its users, which include broker-dealers, banks, and other financial institutions. The company is committed to reducing risk and increasing efficiency in the financial markets.
Size: 4,000 employees
Founded: 1973