Head of Technology & Security Risk – Interactive Brokers – Greenwich, CT

Interactive Brokers has been at the forefront of the Fintech space for over 42 years. We continue to challenge the status quo and push boundaries to offer the best trading platform with the most sophisticated features, all for the lowest cost to our customers. To achieve that, we seek to actively understand and prudently manage our Firmwide risk profile.

As part of our expanding Enterprise Risk Management organization, Interactive Brokers is seeking to recruit a Head of Technology & Security Risk. This is a senior second line of defense role, based in Greenwich, reporting directly to the Group Chief Risk Officer.

The individual will be responsible for architecting, maintaining and successfully implementing the IT Risk Management Framework globally. This will include independent monitoring of, and providing constructive challenge to, the Technology organization with regards to the governance and management of Technology and Security risks and controls.

Responsibilities will include the alignment of the IT Risk Management Framework to industry standards, leading the effective execution of the ITRMF, organization and prioritization of the ITRM book of work and building and maintaining trusted relationships with senior technologists firm wide.

The successful candidate will lead the execution of Risk Assessments of Technology processes and systems, event analysis and remediation, development and monitoring of Key Risk Indicators (KRIs), scenario analysis and the monitoring of the Firms Technology and Security risk profile against its risk appetite.

Responsibilities

Manage the execution of all aspects of the ITRM Framework in the US, and work with the global ERM teams to manage the Technology and Security risk profile in their locations
Partner with senior leaders in the Technology organization to execute the RCSA program, ensuring results are documented appropriately, are actionable and are defensible to third party review
Lead the execution of Targeted Risk Assessments on priority areas to identify opportunities for IT control enhancement and risk mitigation
Participate in firmwide projects to identify, assess and manage Technology and Security risks related to delivery of the IB business model
Build and monitor Key Risk Indicators for Technology, escalating changes to the risk profile to risk owners including breaches of risk appetite limits, and identifying remedial strategies to bring exposures within tolerance
Conduct root cause analysis on events/incidents and agree control enhancements with Technology owners
Partner with Technology leads and SMEs to ensure the effectiveness of the Business Continuity and Disaster Recovery programs
Input to the SOC1/2/3 to ensure consistency between the ITRM Framework and the controls tested by the 3rdparty auditors

Qualifications

10+ years in Technology Risk or related function (first line Technology Operations, Technology Control, IT audit) in financial services
Experience in developing and maintaining Technology and Security risk frameworks, policies and guidance e.g. COBIT, ITIL, NIST, etc. – practical experience in executing technology and security risk assessments against these frameworks
Demonstrable knowledge and experience in relevant IT/Security domains (e.g. Application Development, Change Management, Application Security, Security Operations, Cyber Security monitoring, Vulnerability Management, Incident Management, Identity and Access Management or Cloud Security/Infrastructure);
Knowledge of ITRM industry best practice and regulatory standards – forward thinking approach to application of risk standards
Highly diligent individual – results driven and hard working – ability to execute risk assessments to a high degree of quality; professionally skeptical
Strong interpersonal skills, excellent work ethic, highly credible and influential presenter (verbal and written); strong communicator and influencer; team player
Superior analytical abilities and decision-making skills; ability to exercise independent judgment
Bachelor’s degree required; advanced education degree and/or professional qualifications in the field of IT Risk Management, Information Security, Cyber Security etc. preferred – (e.g. ISACA, CRISC, CISA, CISM, CISSP, ITIL, COBIT 2019, ISO2700X, NIST CSF etc.)

Company Benefits & Perks

Competitive salary, annual performance-based bonus and stock grant
Retirement plan 401(k) with competitive company match
Excellent health and welfare benefits including medical, dental, and vision benefits
Wellness screenings and assessments, health coaches and counseling services through Employee Assistance Program (EAP)
Paid time off and a generous parental leave policy
Daily company paid lunch and a fully stocked kitchen with healthy options for breakfast and snack
Corporate events including team outings, dinners, volunteer activities and company sports teams
Education reimbursement and learning opportunities
Modern offices with sit/stand desks and multi-monitor setups

Job Type: Full-time

Benefits: