... Technology Risk * Create and maintain policies for how Blend360 uses AI, manages data, handles ... Risk Director vs. Sr. Security Engineer This role works closely with the Sr. Security Engineer ...
... Technology Risk * Create and maintain policies for how Blend360 uses AI, manages data, handles ... Risk Director vs. Sr. Security Engineer This role works closely with the Sr. Security Engineer ...
End-to-End Risk Management & Execution * Drive end-to-end technology and cyber risk assessments, managing the lifecycle from tactical implementation and ongoing evaluation through to remediation ...
End-to-End Risk Management & Execution * Drive end-to-end technology and cyber risk assessments, managing the lifecycle from tactical implementation and ongoing evaluation through to remediation ...
IT Risk and Compliance Professional
Washington, DC ยท On-site
$106K - $107K/yr
Bachelor's degree in accounting, accounting information systems or computer science. * 5 or more years of IT internal/external audit experience (internal audit or risk management experience with a ...
IT Risk and Compliance Professional
Washington, DC ยท On-site
$106K - $107K/yr
Bachelor's degree in accounting, accounting information systems or computer science. * 5 or more years of IT internal/external audit experience (internal audit or risk management experience with a ...
IT Risk and Compliance Professional
$106K - $107K/yr
Bachelor's degree in accounting, accounting information systems or computer science. * 5 or more years of IT internal/external audit experience (internal audit or risk management experience with a ...
IT Risk and Compliance Professional
$106K - $107K/yr
Bachelor's degree in accounting, accounting information systems or computer science. * 5 or more years of IT internal/external audit experience (internal audit or risk management experience with a ...
IT Risk and Compliance Professional
Washington, DC ยท On-site
$106K - $107K/yr
Bachelor's degree in accounting, accounting information systems or computer science. * 5 or more years of IT internal/external audit experience (internal audit or risk management experience with a ...
IT Risk and Compliance Professional
Washington, DC ยท On-site
$106K - $107K/yr
Bachelor's degree in accounting, accounting information systems or computer science. * 5 or more years of IT internal/external audit experience (internal audit or risk management experience with a ...
Director, Metrics Strategy and Reporting Capital One is one of the fastest growing organizations in ... Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ...
Director, Metrics Strategy and Reporting Capital One is one of the fastest growing organizations in ... Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ...
IT Risk Senior
Mclean, VA ยท On-site
Support critical third-party vendor risk management activities * Develop, enhance, and maintain critical technology solutions to support corporate-wide AI adoptions * Execute risk mitigant processes ...
IT Risk Senior
Mclean, VA ยท On-site
Support critical third-party vendor risk management activities * Develop, enhance, and maintain critical technology solutions to support corporate-wide AI adoptions * Execute risk mitigant processes ...
Support critical third-party vendor risk management activities * Develop, enhance, and maintain critical technology solutions to support corporate-wide AI adoptions * Execute risk mitigant processes ...
Support critical third-party vendor risk management activities * Develop, enhance, and maintain critical technology solutions to support corporate-wide AI adoptions * Execute risk mitigant processes ...
Director, Metrics Strategy and Reporting Capital One is one of the fastest growing organizations in ... Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ...
Director, Metrics Strategy and Reporting Capital One is one of the fastest growing organizations in ... Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ...
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ... the Board of Directors, as needed. * Stay current on emerging cyber threats and potential ...
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ... the Board of Directors, as needed. * Stay current on emerging cyber threats and potential ...
... Management Do you want to be part of an organization that is dedicated to helping Capital One ... At least 1 year of experience in business continuity, disaster recovery, or technology resilience ...
... Management Do you want to be part of an organization that is dedicated to helping Capital One ... At least 1 year of experience in business continuity, disaster recovery, or technology resilience ...
Risk Manager, Endpoint Security
Mclean, VA ยท On-site
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ... the Board of Directors, as needed. * Stay current on emerging cyber threats and potential ...
Risk Manager, Endpoint Security
Mclean, VA ยท On-site
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 ... the Board of Directors, as needed. * Stay current on emerging cyber threats and potential ...
... Management Do you want to be part of an organization that is dedicated to helping Capital One ... At least 1 year of experience in business continuity, disaster recovery, or technology resilience ...
... Management Do you want to be part of an organization that is dedicated to helping Capital One ... At least 1 year of experience in business continuity, disaster recovery, or technology resilience ...
Senior IT Risk and Compliance Analyst Apply now Job no: 503864 Work type: Regular Full-Time ... Risk Management Experience: * Demonstrated experience in developing threat models and security risk ...
Senior IT Risk and Compliance Analyst Apply now Job no: 503864 Work type: Regular Full-Time ... Risk Management Experience: * Demonstrated experience in developing threat models and security risk ...
... therapies; and technologies that expand the availability of transplantable organs. United ... The Senior Risk Management Director leads the vision and strategic direction for the company's risk ...
... therapies; and technologies that expand the availability of transplantable organs. United ... The Senior Risk Management Director leads the vision and strategic direction for the company's risk ...
Manage the full lifecycle of technology and cyber risk assessments for Commercial Bank; drive the process from initial risk identification through to tactical implementation, remediation tracking ...
Manage the full lifecycle of technology and cyber risk assessments for Commercial Bank; drive the process from initial risk identification through to tactical implementation, remediation tracking ...
Manage the full lifecycle of technology and cyber risk assessments for Commercial Bank; drive the process from initial risk identification through to tactical implementation, remediation tracking ...
Manage the full lifecycle of technology and cyber risk assessments for Commercial Bank; drive the process from initial risk identification through to tactical implementation, remediation tracking ...
... T risk management (ITRM) initiatives to increase the transparency of risk impacts to the firm, manage the Cyber risk register, issue log, facilitate the Risk Operating Committee (ROC), and support ...
... T risk management (ITRM) initiatives to increase the transparency of risk impacts to the firm, manage the Cyber risk register, issue log, facilitate the Risk Operating Committee (ROC), and support ...
Associate Director, Enterprise Risk Management
$222K - $320K/yr
The Associate Director supports the integration of risk management practices into strategic ... Ability to use available tools and technologies to support risk assessments, risk reporting, issue ...
Associate Director, Enterprise Risk Management
$222K - $320K/yr
The Associate Director supports the integration of risk management practices into strategic ... Ability to use available tools and technologies to support risk assessments, risk reporting, issue ...
Technical Risk Analyst
Vienna, VA ยท On-site
The ideal candidate will have experience working with IT security controls, risk management practices, compliance frameworks, or audit activities and possess strong analytical and documentation ...
Technical Risk Analyst
Vienna, VA ยท On-site
The ideal candidate will have experience working with IT security controls, risk management practices, compliance frameworks, or audit activities and possess strong analytical and documentation ...
Director Technology Risk Management information
What does a Director of Technology Risk Management do?
How does a Director of Technology Risk Management typically collaborate with other departments to ensure effective risk mitigation?
What are the key skills and qualifications needed to thrive as a Director of Technology Risk Management, and why are they important?
What is the difference between Director Technology Risk Management vs Cybersecurity Manager?
| Aspect | Director Technology Risk Management | Cybersecurity Manager |
|---|---|---|
| Primary Focus | Overseeing technology risk strategies and enterprise risk mitigation | Managing cybersecurity operations and security measures |
| Certifications | CRISC, CISSP, CISM | CISSP, CISA, CEH |
| Work Environment | Strategic, cross-departmental, executive level | Operational, technical teams, security operations centers |
| Industry Usage | Financial, healthcare, large enterprises | IT security firms, corporate IT departments |
The main difference is that the Director Technology Risk Management focuses on broad technology risk strategies across the organization, while the Cybersecurity Manager concentrates on implementing and managing cybersecurity measures. Both roles require similar certifications but differ in scope and strategic versus operational responsibilities.
Job description
Blend is a premier AI services provider, committed to co-creating meaningful impact for its clients through the power of data science, AI, technology, and people. With a mission to fuel bold visions, Blend tackles significant challenges by seamlessly aligning human expertise with artificial intelligence. The company is dedicated to unlocking value and fostering innovation for its clients by harnessing world-class people and data-driven strategy. We believe that the power of people and AI can have a meaningful impact on your world, creating more fulfilling work and projects for our people and clients. For more information, visitย www.blend360.com.
We are looking for a Director, Global Risk & Compliance to establish and lead the firm's first centralized risk management and compliance function. This role will build the enterprise risk framework, develop and implement global policies (AI governance, data privacy, vendor risk management, ESG compliance), manage the corporate insurance program, and coordinate compliance execution across all regions.
This role will serve as the client-facing risk leader, engaging directly with enterprise clients on compliance questionnaires, security assessments, and risk governance. The role partners closely with the VP of IT and Sr. Security Engineer to ensure the enterprise risk framework reflects both business and technology dimensions.
This is a governance and framework role, not a technical security engineering role. The Director defines risk policy and requirements ("what" and "why"); the Sr. Security Engineer implements at the infrastructure level ("how"). The two roles operate as complements with a clear boundary.
Core Responsibilities
Risk Management & Oversight
- Partner with executive leadership to define Blend360's risk appetite and tolerance thresholds; translate those into a practical risk management framework with clear escalation protocols across all the global enterprise.
- Create and maintain a master risk register that tracks business, operational, regulatory, and technology risks; record who owns each risk, its likelihood and potential impact, and how we'll address it
- Run annual risk reviews across all regions and business units; use the external Global Risk Assessment (expected Q3 2026) to benchmark our findings
- Design incident response procedures and lead after-incident reviews to track fixes to completion
- Brief senior leadership quarterly on our risk position, new threats, and progress on mitigation efforts
AI Governance & Technology Risk
- Create and maintain policies for how Blend360 uses AI, manages data, handles information security, and maintains business continuity
- Partner with the AI Steering Committee to ensure AI is used responsibly both for client work and internal operations
- Set standards for building and using AI models: establish rules around data quality, model performance, bias detection, and responsible use; translate regulatory requirements (EU AI Act, NIST AI RMF) into Blend360 standards
- Work with the VP of IT and Sr. Security Engineer to assess risks in our technology infrastructure (AWS, Snowflake, client systems); document findings in the risk register and present to leadership
- Track data safety across the company, from how it's collected and processed to how it's shared and moved across borders (for both client and internal data)
- Review client projects for risks related to cloud, data, and AI components; provide risk-based recommendations to support legal review and deal decisions
Vendor & Third-Party Risk Management
- Establish standards for evaluating vendor and partner risks; assess key technology providers (AWS, Snowflake), subcontractors, regional partners and any data processors
- Set rules for how we safely integrate with and share data with vendors
- Review the technical side of partnerships, acquisitions, and client solutions working with the VP of IT
- Review all policies at least annually and maintain an update process when policies change
Insurance & Compliance Program
- Manage Blend360's global insurance programs: professional liability, cyber, directors & officers, general liability, and any client-specific coverage
- Manage broker relationships and lead annual insurance renewals
- Lead SOC 2 compliance: own the audit relationship, framework, and track remediation; work with the Sr. Security Engineer on technical requirements
- Oversee ESG compliance, including Mastercard requirements and sustainability reporting (SBTi, CDP)
- Track regulatory changes across North America, Europe, and Latin America that affect Blend360 (GDPR, EU AI Act, data privacy laws, employment law)
Cross-Regional Coordination
- Coordinate compliance across regions with legal leads: North America, Latin America, and EMEA
- Work with VP Ops in Uruguay and India on compliance, employment law, and data protection at each office
- Fill the EMEA compliance gap until dedicated legal resources are in place; own EMEA policies in the meantime
- Partner with legal lead on Latin American regulatory issues; work with Legal & Compliance Analyst for on-the-ground support
- Run quarterly compliance reviews with each region; track fixes and report status to the SVP Finance
Client-Facing Risk & Compliance
- Represent Blend360 on risk and compliance matters with enterprise clients; engage directly with their security, procurement, and compliance teams
- Handle client compliance questionnaires (security, privacy, ESG, AI governance) in partnership with IT, Security, and delivery teams
- Create standard checklists for reviewing client contracts and define when to escalate
- Support high-risk contract reviews; assess insurance, liability, indemnification, and IP issues
- Maintain a log of client contracts that exceed our risk limits
Operating Model: Risk Director vs. Sr. Security Engineer
This role works closely with the Sr. Security Engineer (reports to VP IT). The split is:
Risk Director owns: risk framework, policies, risk register, insurance, ESG, SOC 2 audits, client compliance, AI governance policy, vendor standards, cross-regional coordination, executive reporting
Sr. Security Engineer owns: AWS security, Snowflake security, access controls, vulnerability management, technical incident response, infrastructure hardening
Shared: SOC 2 (Risk owns the framework and audit; Engineer provides technical details), client questionnaires (Risk owns responses; Engineer provides technical input), AI risk (Risk owns policy; Engineer implements technical controls)
Required Qualifications
- 8+ years in risk management, compliance, or legal operations in professional services, technology, AI/data, or consulting
- 5+ years in a global or multi-regional role managing policies and compliance programs
- Deep knowledge of data privacy laws (GDPR, CCPA/CPRA, LGPD), AI governance (EU AI Act, NIST AI RMF), and risk management standards (COSO, ISO 31000)
- Technology literacy: understand cloud architecture (AWS), data platforms (Snowflake, Databricks), and AI/ML risks (bias, data quality, model drift). Not expected to build systems, but must speak credibly with technical teams and translate tech risk into business terms
- Experience managing corporate insurance (professional liability, cyber, D&O) and working with brokers
- Comfortable engaging directly with Fortune 500 clients on security, compliance, and risk matters
- Strong written and verbal communication; able to present to executives, boards, and clients
- Proven ability to influence across regions and functions in a fast-moving, matrixed organization
- Bachelor's degree required; JD, MBA, or relevant advanced degree preferred
Preferred Qualifications
- Experience in AI/ML services, data analytics, cloud-native, or digital transformation firms
- Certifications: CRISC, CISM, CISA, CIPP/E, ARM, or equivalent
- SOC 2 audit experience and ESG/sustainability reporting (CDP, SBTi)
- Knowledge of cybersecurity frameworks (NIST CSF, ISO 27001) at a governance level
- Spanish language skills
- Familiarity with Latin American regulations (Colombia, Uruguay)
- Experience building a compliance function from scratch at a growth-stage company
All your information will be kept confidential according to EEO guidelines.
About Blend360
Sourced by ZipRecruiter
Industry
It services
Company size
201 - 500 Employees
Headquarters location
Columbia, MD, US
Year founded
2016