Technology & Security Risk Analyst

Job Description

Interactive Brokers has been at the forefront of the Fintech space for over 42 years. We continue to challenge the status quo and push boundaries to offer the best trading platform with the most sophisticated features, all for the lowest cost to our customers. To achieve that, we seek to actively understand and prudently manage our Firmwide risk profile.

As part of our expanding Enterprise Risk Management (ERM) organization, Interactive Brokers is seeking to recruit a Technology & Security Risk Analyst.  This is a second line of defense role, based in Greenwich, reporting directly to the Head of Technology & Cyber Risk.

Responsibilities will include the alignment of the Technology and Information Security (IS) Risk Management Framework to industry standards, execution of risk assessments for technology and IS processes and for IT systems, event analysis and remediation, development and monitoring of Key Risk Indicators (KRIs), scenario analysis and the monitoring of the Firm’s technology and IS risk profile against its risk appetite.

Responsibilities

• Support the Head of Technology & Cyber Risk in executing all aspects of the Technology and IS Risk Management Framework in the US, and work with the global ERM teams to manage the technology and IS risk profile in their locations
• Partner with risk owners in technology and security to execute the RCSA program, ensuring results are documented appropriately, are actionable and are defensible to third party review
• Conduct Targeted Risk Assessments on priority areas to identify opportunities for control enhancement and risk mitigation
• Participate in firmwide projects to identify, assess and manage technology and IS risks related to delivery of the IB business model
• Build and monitor KRIs for technology and IS, escalating changes to the risk profile to risk owners including breaches of risk appetite limits, and identifying remedial strategies to bring exposures within tolerance
• Conduct root cause analysis on events/incidents and agree control enhancements with control owners
• Conduct analysis on the technology architecture – risks and controls – at the request of the Head of Technology & Cyber Risk or the Chief Risk Officer
• Perform credible challenge reviews of risk assessments completed by the first line of defense technology and security functions
• Partner with technology leads and SMEs to ensure the effectiveness of the Business Continuity and Disaster Recovery programs

Skills and Knowledge

• Minimum 5 years of experience in technology and IS risk management in financial services industry
• Applied knowledge and hands-on experience in relevant technology and IS domains is strongly desirable (e.g., software development, change management, identity and access management, technology operations, cybersecurity, data protection and privacy and/or cloud technologies)
• Experience in developing, deploying and maintaining technology and IS risk management frameworks, policies, processes and guidance
• Understanding of technology and IS risk management frameworks and industry standards (e.g., COBIT, ISO, NIST, ITIL, etc.)
• Knowledge of US regulatory requirements and other regulatory obligations related to data privacy and data protection within the financial services sector
• Demonstrable experience in conducting technology and IS risk assessments
• Highly diligent individual - results driven and hard working – ability to execute risk assessments to a high degree of quality; professionally skeptical
• Strong interpersonal skills, excellent work ethic, highly credible and influential presenter (verbal and written); strong communicator and influencer; team player
• Superior analytical abilities and decision-making skills; ability to exercise independent judgment
• Strong MS Office skills

Education

• Bachelor’s degree in Computer Science, Information Security or a related field
• Relevant professional certifications preferred (CISA, CISM, CRISC, CISSP, etc.)