FreeHire

DTCC

Cyber Security Risk Governance Senior Associate

Show

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

Cyber Security Risk Office (CSRO) is responsible for setting strategic directions in the areas of cybersecurity. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the Cyber Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on cybersecurity. The Cyber Security Risk Governance Senior Associate role supports the execution and coordination of the enterprise cybersecurity risk framework, including governance processes, policy and standards management, risk taxonomy maintenance, and reporting activities. The individual helps ensure second-line governance practices are consistent, well-documented, and aligned to regulatory, audit, and enterprise risk management expectations.

Your Primary Responsibilities:

  • Support the maintenance and alignment of cyber risk governance frameworks to enterprise and industry models (e.g., CRI, DTCC Corporate Risk Management Policy), including documenting governance processes for risk oversight, aggregation, and reporting.
  • Support the mapping of policies to control standards, cyber risks, and KRIs to help maintain traceability across governance, reporting, and risk treatment activities.
  • Assist in the development, maintenance, and periodic refresh of Cyber Security Risk Appetite and Risk Tolerance materials, including support for metric updates, documentation, and review coordination.
  • Support the development, maintenance, and publication of cybersecurity policies and control standards within SmartSuite or other designated governance platforms.
  • Maintain cyber risk taxonomy, top risk, and enterprise risk classification documentation, including support for updates, change tracking, and version control.
  • Support top cyber risk identification and prioritization activities by coordinating inputs, maintaining supporting documentation, and preparing materials for annual assessments and review discussions.
  • Coordinate credible challenge activities for top cyber risks by organizing stakeholder feedback, documenting outcomes, and tracking follow-up actions.
  • Support Cyber Risk Institute (CRI) maturity and controls assessments through evidence gathering, coordination with stakeholders, and tracking of assessment outputs.
  • Prepare and maintain governance committee reporting templates, recurring materials, and status updates to support consistent and comparable cyber risk reporting.
  • Support the development of reporting content for senior management and governance forums, including cyber risk posture summaries, trends, and emerging themes.
  • Coordinate with CSRO, GCRO, ORM, IT, and other stakeholders to help ensure consistent interpretation and application of cyber risk governance standards.
  • Support alignment to applicable regulatory and industry cyber risk management expectations (e.g., NIST CSF, CRI Profile, or equivalent) through documentation, evidence preparation, and control mapping support.
  • Partner across the Cyber Security Risk Office and first-line teams to support integrated governance, treatment, risk analytics, and reporting activities.
  • Maintain traceability and auditability of governance outputs by organizing documentation, evidence, approvals, and decision records in line with internal audit and regulatory expectations.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:

  • Bachelor's degree preferred or equivalent experience.
  • Minimum of 6 years of related experience in cybersecurity risk management, technology risk, remediation tracking, or GRC program operations.

Talents Needed for Success:

  • Strong organizational, analytical, and documentation skills with high attention to detail.
  • Experience supporting risk exceptions, policy deviations, or remediation oversight in a regulated environment preferred.
  • Experience with GRC tools, data visualization tools, data warehouse (e.g., Power BI, Snowflake, Archer, SmartSuite, ServiceNow).

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.