DTCC

Cyber Security Risk Treatment Oversight Senior Associate

DTCC$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree preferred or equivalent experience
  • Minimum of 6 years in cybersecurity risk management, technology risk, or GRC operations
  • Strong organizational and analytical skills
  • Experience with risk exceptions and policy deviations in regulated environments preferred
  • Familiarity with GRC tools and data visualization platforms (e.g., Power BI, Archer)

Responsibilities

  • Manage intake and lifecycle of Policy Deviation and Risk Acceptance submissions
  • Perform quality checks on submissions for compliance with procedures
  • Track status of open items and escalate concerns as necessary
  • Support governance forums by preparing materials and tracking actions
  • Document decisions and approvals for traceability
  • Generate risk treatment metrics and monitor aging trends
  • Prepare reports for senior management and regulatory inquiries

Benefits

  • Comprehensive health and wellness programs
  • Retirement savings options with company match
  • Continuous professional development opportunities
  • Flexible working arrangements
  • Collaborative and inclusive work environment
Full Job Description
Job Description

The Impact you will have in this role:

Cyber Security Risk Office (CSRO) is responsible for setting strategic direction in the areas of cybersecurity. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the Cyber Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity. Cyber Security Risk Treatment Oversight is responsible for the oversight, management, facilitation and reporting of the Risk Treatment (Policy Deviation and Risk Acceptance) for Technology and Information Security related risks. Responsible for identifying, managing, measuring, and mitigating a spectrum of technology and security related risks in existing and new products, activities, processes, and systems. Accountable for providing advanced technical, analytical and management skills to CSRO.

Your Primary Responsibilities:
  • Manage day-to-day intake, tracking, and progression of Policy Deviation (PD) and Risk Acceptance (RA) submissions through their full lifecycle, including renewals, extensions, and closure validation.
  • Perform initial completeness and quality checks on PD and RA submissions to confirm alignment with documented procedures, required artifacts, and governance standards prior to second-line review.
  • Maintain accurate status tracking for all open items, including aging, upcoming expirations, and SLA adherence, escalating concerns to program leadership as needed.
  • Support risk treatment and policy deviation governance forums (e.g., CRTL forums, leadership reviews) through agenda coordination, materials preparation, and action item tracking.
  • Document decisions, approvals, and conditions to ensure traceability, transparency, and defensible governance outcomes.
  • Produce and maintain risk treatment and policy deviation metrics, including lifecycle performance, aging trends, renewals, and items approaching or exceeding tolerance thresholds.
  • Support risk tolerance updates to enterprise metric repositories (e.g., IBM BPM or successor platforms) and validate data accuracy and consistency.
  • Prepare standard and ad-hoc reporting materials for senior management, governance committees, and audit or regulatory inquiries.
  • Maintain PD and RA procedures, job aids, templates, and governance documentation, including publication and upkeep in Navex or successor systems.
  • Ensure documentation, evidence, and decision records meet internal audit, regulatory, and examination standards.
  • Act as an operational point of contact for first line teams submitting PD and RA requests, providing guidance on process expectations, timelines, and documentation requirements.
  • Partner with Cyber Security Risk Office stakeholders to ensure consistent application of risk treatment standards and governance practices.
  • Identify recurring issues, thematic trends, or control gaps emerging from PD and RA activity and escalate insights to program leadership for credible challenge and prioritization.
  • Support program initiatives such as tooling enhancements (e.g., RAPD migration to SmartSuite), lifecycle standardization, and reporting enablement.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:
  • Bachelor's degree preferred or equivalent experience
  • Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.

Talents Needed for Success:
  • Strong organizational, analytical, and documentation skills with high attention to detail.
  • Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
  • Experience with GRC tools, data visualization tools, data warehouse (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

About the Team

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.

About DTCC

The Depository Trust & Clearing Corporation (DTCC) is a financial services company that provides clearing, settlement, and information services for the global financial industry. DTCC was founded in 1999 and is headquartered in New York City. The company operates through subsidiaries that provide services such as trade matching, risk management, and asset servicing. DTCC is owned by its users, which include broker-dealers, banks, and other financial institutions. The company is committed to reducing risk and increasing efficiency in the financial markets.
Learn more about DTCC
Size
4,000 employees
Industry
Founded
1973

Similar Jobs

More Jobs at DTCC

More Information Technology Jobs

Find similar Cyber Security Risk Treatment Oversight Senior Associate jobs: