Technology Risk and Controls - Control Review and Governance Lead
On-site · Columbus, Ohio, United States
Job Summary
Lead Infrastructure Platforms control review and governance for Archer catalog changes, owning the governance vision from intake to approval and implementation tracking. Build and operate a governance process for control procedure and control objective changes, ensuring reviews, feedback, and sign-offs. Identify, quantify, communicate, and manage technology risk with root-cause analysis and actionable remediation recommendations. Partner with Product Security, 2LOD, Audit, and Infrastructure Platform leaders to validate control design and operating effectiveness, aligning with firm, legal, regulatory, and industry standards. Execute reporting and governance of controls, policies, issues, and metrics; provide senior management insights on control effectiveness and risk posture. Perform control assessments, QA reviews, issue closure testing, and remediation oversight. Establish KRIs/KPIs and SLAs/SLOs to drive resiliency, scalability, and stability in the control review process. Create transparent traceability for catalog changes, including impact assessments, decisions, evidence, and audit-ready artifacts. Lead continuous improvement by analyzing feedback and testing results to streamline workflows, reduce risk, and enhance stakeholder experience. Communicate changes to control objectives and procedures to Infrastructure Platforms and coordinate adoption, training, and feedback loops.
Required Qualifications
- 5+ years of experience in technology risk management, information security, or related fields with a focus on risk identification, assessment, and mitigation
- In-depth knowledge of financial regulations and compliance requirements related to cybersecurity (e.g., GDPR, PCI DSS, SOX, FFIEC)
- Understanding of national/international laws, regulations, policies, and ethics related to financial industry cybersecurity
- Proficient in data security, risk assessment and reporting, control evaluation/design/governance, with a proven track record of implementing effective risk mitigation strategies
- Demonstrated ability to influence executive-level decision-making and translate technology insights into business strategies for senior leaders
- Working knowledge of infrastructure platforms (compute, storage, network, middleware) and cloud architectures and their control requirements
- Experience designing, testing, and evidencing controls aligned to recognized frameworks (e.g., NIST CSF, ISO 27001, CIS Controls, SOC 2)
- Fluency in Agile product management practices, including backlog management, user story creation, acceptance criteria, and iterative delivery
- Ability to build dashboards/metrics that convey control effectiveness, cycle time, and risk posture to stakeholders
- Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.