Sr. Technology Risk Program Manager

Hi,

We have immediate Position on

Role: Sr. Technology Risk Program Manager

Location: Remote

We’re looking for a Sr Technology Risk Program Manager to own the portfolio of technology and security risk issues across our Technology organization. You’ll sit at the center of how we identify, track, and remediate risk—owning the issue portfolio end-to-end, driving accountability across teams, and turning a complex risk landscape into clear, decision-ready reporting for senior leadership and the Board.
This role sits at the intersection of risk management, security, and execution. You’ll partner closely with InfoSec, second- and third-line Risk, Compliance, and technology and infrastructure teams to drive issues to resolution—not just track them. You’ll also keep a hand in data program delivery, making sure data initiatives meet their risk and control obligations. If you can navigate a regulated environment, understand security infrastructure, and translate messy risk data into a story executives and Board members can act on, this role is for you.
 
What You’ll Do
• Own the portfolio of technology and security risk issues end-to-end—intake, prioritization, tracking, and remediation
• Maintain a single source of truth for risk issues, findings, exceptions, and mitigation plans, with clear owners and due dates
• Prepare and deliver risk reporting for executive leadership, Risk Committees, and the Board, including portfolio health, trends, aging, and key exposures
• Translate technical risk and security findings into concise, decision-ready narratives for non-technical and Board audiences
• Drive remediation across engineering, security, and infrastructure teams with clear accountability and timelines
• Track issues, findings, and mitigation plans through resolution, monitoring SLAs, aging, and overdue items
• Manage escalations thoughtfully, knowing when to resolve and when to elevate decisions
• Partner with InfoSec, Risk, Compliance, and Legal to ensure regulatory, security, and policy requirements are met
• Maintain strong controls, documentation, and audit readiness across the risk portfolio
• Continue to manage select data programs end-to-end—owning plans, milestones, dependencies, and embedded risk and security controls
• Build and maintain dashboards and reporting to track issue health, remediation progress, and overall risk posture
• Use Jira and GRC tooling to monitor issue throughput, aging, and portfolio performance
• Facilitate working sessions and risk forums across security, technology, data, and business teams
• Act as connective tissue between technical and security teams and business and executive stakeholders
• Drive consistent risk and program management practices across the technology organization
 
About You
• 6+ years in technical program management or technology/security risk and issue management within technology, security, or data organizations
• Strong understanding of technology and security risk—how issues are identified, assessed, prioritized, tracked, and remediated
• Working knowledge of security infrastructure—identity and access management, network and cloud security, encryption, endpoint, and vulnerability management—and how controls map to risk
• Experience preparing and presenting executive- and Board-level reporting on risk, security, or program status
• Proven ability to drive cross-functional remediation in fast-paced, regulated environments
• Experience partnering with second- and third-line Risk, Compliance, audit, and InfoSec teams on reviews and remediation
• Solid data program management foundation, including data concepts such as pipelines, data quality, lineage, governance, and privacy
• Hands-on experience with Jira and familiarity with GRC tools, including workflows, reporting, and metrics
• Strong organizational, communication, and stakeholder management skills, with a talent for distilling complexity
• Ability to operate effectively in a matrixed environment across technology, security, and business teams
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Business, or related field, or equivalent experience
 
Bonus Points
• Experience with Agile, Waterfall, or hybrid delivery models
• Familiarity with security frameworks such as NIST CSF, ISO 27001, SOC 2, or CIS Controls
• Hands-on exposure to cloud security (AWS, Azure, or Google Cloud Platform) and infrastructure-as-code concepts
• Experience supporting regulatory exams or audits
• Familiarity with GRC tools such as Archer, ServiceNow IRM, or similar
• Familiarity with modern data platforms and tools such as Snowflake, Databricks, dbt, or Airflow
• CISSP, CRISC, PMP, PgMP, or Agile certifications
• Experience in fintech or other regulated industries