Associate, Technology Risk Management

Description

About this role

Business Overview

The Risk & Quantitative Analysis (RQA) group provides independent oversight of BlackRock’s fiduciary and enterprise risks. RQA’s principal objectives are to advance the firm’s risk management practices and to deliver independent risk expertise and constructive challenge to drive better business and investment outcomes. RQA’s risk managers play a meaningful role in BlackRock’s investment process, using quantitative analysis and a multi-disciplinary skillset to tackle real-world problems and provide tangible solutions in the investment management process.

RQA is committed to investing in our people to increase individual enablement and ultimately build a stronger team. Our goal is to create a culture of inclusion which encourages collaboration, innovation, diversity, and the development of our future leaders. We actively engage in discussions on career growth and work with team members to understand how personal passions and strength connect with our purpose.

Who We Are

The RQA Technology Risk Management (TRM) team is a key part of the RQA Enterprise Risk Management group. As a second line of defense function, our mission is to help ensure senior management has defined technology controls that protect our clients and firm, and support the achievement of firm-wide business goals within our risk tolerance. TRM partners with senior management, Aladdin Product Group and Technology leadership, Innovation Office and Information Security, and other control functions in the first and second lines of defense to achieve this mission.

What You Will Be Doing:

- Lead and support TRM activities to execute continuous control monitoring, such as:

- Conduct business engagement meetings and follow-ups with BlackRock stakeholders throughout the year to understand and identify key processes, risks and controls within their business units.
- Design and lead thematic risk assessments, including control testing.
- Identify, analyze, detail, and manage potential technology risk and control gaps, including those in sub-disciplines like cybersecurity, data governance and disaster recovery / resilience.
- Design and lead data and trend analyses of large datasets, and develop new risk measures.
- Oversee risk remediation efforts for risk and control issues, and support issue closure or risk acceptances, as needed.
- Partner with BlackRock technology teams to help them identify, understand and treat technology risks through control education, review of metrics and completion of self-assessments.
- Provide technical advisory services regarding industry and leading practices, relevant critical initiatives, and emerging technologies and trends.
- Be a risk champion within the wider BlackRock business.

What We Look For:

- Excellent problem-solving skills, attention to detail, process-oriented approach, a balanced listener, and a good work ethic and ability to work as part of a global team.
- 5+ years of hands-on experience in Technology Risk &/or Compliance, FinTech, Information Security, Technology Operations &/or Support, or IT Solutioning.
- Relatable understanding of distributed systems, software development lifecycles, process modelling, cloud computing, &/or robotic process automation.
- Demonstrable ability to identify and analyze risk and control issues, challenge the status quo, and work with cross-functional teams to ideate pragmatic solutions that strengthen the control environment.
- An ability to explain complex ideas in simple but impactful terms and use effective communication to influence outcomes.
- Good understanding of industry-leading practices and control frameworks (e.g. COBIT, NIST CSF, ISO 27001) as well as regulatory requirements in the Asia-Pacific region.
- Familiarity with office productivity, usage of open-source frameworks and business intelligence tools, including (but not limited to) Microsoft Office, PowerBI &/or Tableau.

The following are competitive advantages that we are interested in:

- You are - Certified in Risk & Information Systems Control (CRISC), a Certified Information Systems Security Professional (CISSP) or Associate, &/or a Certified Information Systems Auditor (CISA).
- You have successfully developed a technology solution, process or framework to solve a business problem.
- You have automated decision-making or analytics using one or more of the following: Python, Ruby &/or SQL.
- You are proficient in English and Mandarin (spoken/ written).

Our benefits

To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

Our hybrid work model

BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while suppo