Technology Risk Advisory Manager, Vice President

At BlackRock, the Enterprise Technology Risk & Controls team stands as a crucial component within the first line of defence, embodying a proactive and collaborative spirit. This dynamic team works in close partnership with Internal Audit, Risk & Quantitative Analysis, Information Security, and Engineering teams, ensuring a unified and comprehensive approach to risk management and control.  The team’s mission is realized through four distinct yet interconnected operating pillars:Risk Advisory, Assessment & Reporting, Technology Control Standards, and Risk Governance.  Through these pillars, the Enterprise Technology Risk & Controls team not only safeguards BlackRock’s technological landscape but also drives continuous improvement and resilience across the organization.

Role Description

Join us toplay a critical rolein shaping the future of technology risk managementat BlackRock. Our Enterprise Technology Risk & Controls team collaborates closely with senior leaders and subject matter experts to engage with regulators, senior stakeholders, and risk committees, driving the firm’s technology risk management standards forward. In this role, you will drive technology related risk management activity with a focus onidentifying risk through RCSAs and metrics, reporting on the progress of risk mitigating activity and managing the preparation and coordination foraudits, exams and inquiries.

Key Responsibilities:

• Risk Assessments & RCSA: Leading and driving the Risk Control Self-Assessment (RCSA) processto identifytechnology risks within BlackRock’s core technology environments.

• Risk Identification and Escalation: Proactively identifying and proposing opportunities to reduce risk, especially in technology infrastructure and cybersecurity.

• Internal Audits & Compliance: Managing internal audit support, including planning, self-identification of issues, preparing audit responses, and ensuring completion of action plans.

• Prioritization & Completion of Risk Actions: Overseeing the completion of action plans for risk management, including findings from internal audits, policy compliance, and regulatory obligations.

• Risk Process Management: Enabling key risk processes, including technology inventory management, business continuity planning and testing, third-party risk management and policy alignment. 

• Risk Profile Transparency: Developing and presenting risk profile reporting and metrics to technology risk committees and senior leadership.

Desired Skills & Experience:

Interpersonal & Executive Presence: Strong ability to engage with senior stakeholders, build relationships, and influence decision-making processes.

Problem-Solving & Critical Thinking: Ability to organize teams under pressure, prioritize tasks, and respond effectively to high-stakes issues.

Technology Risk Expertise: Understanding of technology operational risks, controls, and policies, particularly around system availability, security, and integrity in a regulated environment.

Project Management in Risk Mitigation: Lead projects that focus on reducing technology and operational risks,which involves, scoping, planning, and executing initiatives that implement new or enhanced risk controls, ensuring projects meet risk reduction goals and deadlines.

Operational Risk Frameworks: Knowledge oftechnology risk management frameworks, and knowledge of industry standards like ITIL, NIST, CobiT, and CCM CSA.

Reporting & Transparency: Developing and delivering regular risk management reports to senior leadership, stakeholders, and regulators. These reports should communicate the status of risk mitigation efforts, audit findings, RCSA results, and compliance metrics, ensuring clear visibility into risk exposure and the effectiveness of controls. Reporting may include dashboards, status updates, and detailed analysis on key risk areas.