Description Join our dynamic team to navigate complex risk landscapes and fortify technology governance, making a pivotal impact in our firm's robust risk strategy. As a Tech Risk & Controls Associate in Cloud Platforms, you will be a part of a team that supports the audits/assessment/attestations/regulatory exams conducted by Internal Audit teams (3rd Line Of Defense (LOD)), Compliance, Conduct and Operational Risk (CCOR) (2nd LOD), External Auditors and Technology Governance, Risk & Controls (GRC). You will support product/platform/service/process owners by leading and managing the engagements from beginning of the audit i.e. Planning Phase to the end i.e. Reporting Phase. As a valued member of the team, you will have the opportunity to learn and grow in a dynamic and fast-paced environment, making a tangible impact on technology risk and controls at the firm. Job responsibilities • Lead and manage all audit/assessment engagement for Cloud Platforms • Perform control reviews and risk assessment for the processes owned by Cloud Platforms • Proactively identify risks and periodic reporting of the same • Support process owners in managing operational risk and provides transparency to stakeholders • Monitor and evaluate the effectiveness of implemented controls, contribute to the recommendations for improvements and addressing gaps in risk management • Communicate risk-related findings and updates to relevant stakeholders, ensuring alignment with organizational objectives and risk appetite Required qualifications, capabilities, and skills • Formal experience or equivalent expertise in technology risk management, information security, or a related field • In-depth knowledge on firmwide risk management and technology hygiene management tools • Proficient in risk identification, assessment, and control evaluation, with a strong understanding of industry standards • Exposure to risk management frameworks, regulations, and industry best practices Preferred qualifications, capabilities, and skills • Cloud Certifications, CISM, CRISC, CISSP, or other industry-recognized risk certifications.