The Principal Analyst serves as a subject matter expert whose insights directly influence the bank's technology risk posture and risk management strategy. Principal Risk Analysts solve complex ...
The Principal Analyst serves as a subject matter expert whose insights directly influence the bank's technology risk posture and risk management strategy. Principal Risk Analysts solve complex ...
Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards ...
Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards ...
Capital One has taken a bold journey to build a technology company, while operating in a complex, highly regulated business. As a Risk Manager, you will support and oversee Integration efforts for a ...
Capital One has taken a bold journey to build a technology company, while operating in a complex, highly regulated business. As a Risk Manager, you will support and oversee Integration efforts for a ...
Required : โข Formal training or certification with 5-7 years of experience or equivalent expertise in technology, risk management, information security, or a related field, with a focus on ...
Required : โข Formal training or certification with 5-7 years of experience or equivalent expertise in technology, risk management, information security, or a related field, with a focus on ...
Capital One has taken a bold journey to build a technology company, while operating in a complex, highly regulated business. As a Risk Manager, you will support and oversee Integration efforts for a ...
Capital One has taken a bold journey to build a technology company, while operating in a complex, highly regulated business. As a Risk Manager, you will support and oversee Integration efforts for a ...
Tech Risk and Controls - Execution, Issue Mgt & Audit Engagement
Manhattan, NY ยท On-site
$114K - $150K/yr
Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards ...
Tech Risk and Controls - Execution, Issue Mgt & Audit Engagement
Manhattan, NY ยท On-site
$114K - $150K/yr
Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards ...
Tech Risk and Controls - Execution, Issue Mgt & Audit Engagement
Manhattan, NY ยท On-site
$190K - $285K/yr
Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards ...
Tech Risk and Controls - Execution, Issue Mgt & Audit Engagement
Manhattan, NY ยท On-site
$190K - $285K/yr
Develop and implement technology risk management strategies, policies, and processes to identify, assess, mitigate, and monitor risks; drive strategic initiatives aligned to firm standards ...
Technology Risk and Controls Director - Compute Infrastructure Platforms
Jersey City, NJ ยท On-site
$190K - $285K/yr
Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm ...
Technology Risk and Controls Director - Compute Infrastructure Platforms
Jersey City, NJ ยท On-site
$190K - $285K/yr
Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm ...
Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm ...
Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm ...
VP- Technology Information Risk Management Location: Ideal 2-3 days Hybrid in NYC office Duration: Full Time Location Options: Open to a combo of Melville, NY (Long Island) with one day in NYC ...
VP- Technology Information Risk Management Location: Ideal 2-3 days Hybrid in NYC office Duration: Full Time Location Options: Open to a combo of Melville, NY (Long Island) with one day in NYC ...
IT Risk & Control Senior Analyst
Manhattan, NY ยท On-site
$90K - $160K/yr
The ITRM Senior Analyst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to ...
IT Risk & Control Senior Analyst
Manhattan, NY ยท On-site
$90K - $160K/yr
The ITRM Senior Analyst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to ...
Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm ...
Develop and implement technology risk management strategies, policies, and processes to identify, assess, and mitigate risks, and drive strategic projects and initiatives to enhance the firm ...
As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO ... Your advanced knowledge of risk management principles, practices, and theories will enable you to ...
As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO ... Your advanced knowledge of risk management principles, practices, and theories will enable you to ...
Operational Risk VP
New York, NY ยท On-site
The incumbent will be responsible for the oversight of the operational risk management framework and program including IT risk management, business continuity planning. The VP will be responsible for ...
Operational Risk VP
New York, NY ยท On-site
The incumbent will be responsible for the oversight of the operational risk management framework and program including IT risk management, business continuity planning. The VP will be responsible for ...
Director-Tech Risk & Control (Software Development & Enterprise Architecture)
Manhattan, NY ยท On-site
$144K - $256K/yr
The successful candidate will bring deep expertise in technology risk management, software engineering and enterprise architecture practices, and governance of AI/ML and other emerging technology ...
Director-Tech Risk & Control (Software Development & Enterprise Architecture)
Manhattan, NY ยท On-site
$144K - $256K/yr
The successful candidate will bring deep expertise in technology risk management, software engineering and enterprise architecture practices, and governance of AI/ML and other emerging technology ...
As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO ... Your advanced knowledge of risk management principles, practices, and theories will enable you to ...
As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO ... Your advanced knowledge of risk management principles, practices, and theories will enable you to ...
Tech Risk and Controls Vice President
Manhattan, NY ยท On-site
$33 - $43.50/hr
As a Tech Risk & Controls Vice President in Cybersecurity and Technology Controls, you will support the end-to-end management, ideation, and strategy delivery of executive content for the firm's most ...
Tech Risk and Controls Vice President
Manhattan, NY ยท On-site
$33 - $43.50/hr
As a Tech Risk & Controls Vice President in Cybersecurity and Technology Controls, you will support the end-to-end management, ideation, and strategy delivery of executive content for the firm's most ...
Technology Risk and Controls Lead - Portfolio of Applications
Jersey City, NJ ยท On-site
$142K - $200K/yr
As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO ... Your advanced knowledge of risk management principles, practices, and theories will enable you to ...
Technology Risk and Controls Lead - Portfolio of Applications
Jersey City, NJ ยท On-site
$142K - $200K/yr
As a Tech Risk & Controls Lead within the Cybersecurity and Technology Controls (CTC) BISO ... Your advanced knowledge of risk management principles, practices, and theories will enable you to ...
Tech Risk and Controls Vice President
Manhattan, NY ยท On-site
$33 - $43.50/hr
As a Tech Risk & Controls Vice President in Cybersecurity and Technology Controls, you will support the end-to-end management, ideation, and strategy delivery of executive content for the firm's most ...
Tech Risk and Controls Vice President
Manhattan, NY ยท On-site
$33 - $43.50/hr
As a Tech Risk & Controls Vice President in Cybersecurity and Technology Controls, you will support the end-to-end management, ideation, and strategy delivery of executive content for the firm's most ...
Oversee the development and use of risk management technologies and tooling used to inventory AI use cases, track risks, controls, issues, and approvals. * Lead AI governance forums, providing ...
Oversee the development and use of risk management technologies and tooling used to inventory AI use cases, track risks, controls, issues, and approvals. * Lead AI governance forums, providing ...
Technology Risk Manager information
See New York salary details
$56.3K - $68.1K
4% of jobs
$68.1K - $79.9K
6% of jobs
$79.9K - $91.7K
11% of jobs
$96.1K is the 25th percentile. Wages below this are outliers.
$91.7K - $103.5K
11% of jobs
The median wage is $112.9K / yr.
$103.5K - $115.3K
23% of jobs
$115.3K - $127.1K
13% of jobs
$134.8K is the 75th percentile. Wages above this are outliers.
$127.1K - $138.8K
12% of jobs
$138.8K - $150.6K
8% of jobs
$150.6K - $162.4K
6% of jobs
$162.4K - $174.2K
4% of jobs
$174.2K - $186K
2% of jobs
$56.3K
$122K
$186K
How much do technology risk manager jobs pay per year?
What is the difference between Technology Risk Manager vs Cybersecurity Analyst?
| Aspect | Technology Risk Manager | Cybersecurity Analyst |
|---|---|---|
| Certifications | CRISC, CISSP, CISA | CISSP, CEH, Security+ |
| Work Environment | Risk assessment, policy development, compliance | Monitoring security threats, incident response, vulnerability analysis |
| Industry Usage | Financial, healthcare, technology firms | IT security teams, government agencies, corporations |
The Technology Risk Manager focuses on identifying and mitigating overall technology risks and ensuring compliance, while the Cybersecurity Analyst concentrates on protecting systems from security threats and responding to incidents. Both roles require similar certifications and often work within the same industries, but their core responsibilities differ in scope and focus.
What are some common challenges Technology Risk Managers face when working across different departments?
What are the key skills and qualifications needed to thrive as a Technology Risk Manager, and why are they important?
What are Technology Risk Managers?

Other
Medical, Dental, Vision, Retirement, PTO
Posted 12 days ago
Job description
Description
Within Enterprise Technology & Security (ETS), the Data, AI and Emerging Technology Risk Principal Analyst drives the strategic identification, assessment, and mitigation of technology-related risks, playing a key role in safeguarding the organization's information assets. This senior individual contributor position operates with significant autonomy, working across technology and business teams to shape risk practices, advance control effectiveness, and ensure alignment with Cybersecurity Risk Institute (CRI) Profile, NIST Cybersecurity Framework, NIST 800-53, and other applicable frameworks. The Principal Analyst serves as a subject matter expert whose insights directly influence the bank's technology risk posture and risk management strategy. Principal Risk Analysts solve complex problems, take broad perspectives to solve problems innovatively and may lead projects with moderate resource requirements, risk and/or complexity. Cross-functional leadership and development across junior contributors are a key feature of this senior role.ย
Responsibilitiesย
Lead the proactive identification, assessment, and monitoring of technology and cybersecurity risks across systems, applications, infrastructure, and services, applying industryrecognized frameworks such as CRI, NIST CSF and NIST 80053.ย
Execute and oversee complex Risk and Control Self Assessments (RCSAs), risk assessments, targeted risk reviews, and control adequacy evaluations, providing challenge and expert recommendations on risk treatment and remediation strategies.ย
Serve as a subject matter expert for technology risk during internal audits, regulatory examinations, and supervisory inquiries, leading issue analysis, response development, and corrective action execution.ย
Analyze and synthesize risk and security data from enterprise platforms and monitoring tools to identify systemic trends, emerging risks, and control gaps, translating findings into strategic insights for leadership.ย
Partner closely with senior technology, engineering, cybersecurity, compliance, and business leaders to evaluate risk associated with new and existing platforms, infrastructure, and initiatives.ย
Oversee thirdparty technology risk activities for highrisk or complex service provider relationships within assigned domains.ย
Develop and deliver clear, executivelevel risk reporting and presentations, effectively communicating risk posture, trends, and remediation priorities to senior management and governance forums.ย
Contribute to the continuous enhancement of risk frameworks, methodologies, policies, and governance processes to strengthen overall risk maturity.ย
Mentor and coach analysts at varying levels, fostering strong risk judgment, analytical rigor, and a culture of accountability and continuous improvement.ย
Stay ahead of evolving regulatory requirements, emerging threats, and industry trends, proactively advising leadership on risk impacts and control enhancements.ย
Champion initiatives that strengthen the organization's risk posture and promote a proactive, riskaware culture across the enterprise.ย
Team-Specific Requirementsย
Preferred Domain-Specific Technical Skillsย ย
Familiarity with cloud platforms such as AWS, Azure, or GCPย
Experience with analytics platforms, storage solutions, data protection methodologies, data platforms, ETL, data transmission, data loss prevention, endpoint security practices, and cyber recovery practices, e.g. Tableau, Webfocus, APIs and Microservices based development, Talend, Informatica, Kafka, Spark, Autosys, Airflow, Java, Hadoop, Redshift, Starburst, Databricks, Tessell, MongoAtlas, Snowflake, OCI, AWS RDS, etc.)ย
Proficiency with data governance, security and other telemetry tools such as Collibra, Grafana, Datadog, Qualys, Wiz, CyberArk, or Splunkย
Experience with continuous integration, continuous delivery, agile and devsecops pipelines, including data engineering sub-pipelines and related tools (e.g. Nexus, Jenkins, Harness, Fortify, EKS, Openshift, etc.)ย
Knowledge of AI/ML platform tools such as Bedrock, Sagemaker, H2O.ai, MLflow, etc.ย
Preferred Team-Specific Tools & Platformsย ย
ServiceNow, Jira, Confluence, or other ITSM/collaboration platformsย
GRC Archer, WDesk, or other risk and compliance platformsย
Experience & Skillsย
Required:ย
7-10 years of progressive experience in IT risk management, information security, or internal audit, with demonstrated leadership in complex risk environments.ย
Deep expertise in control frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and/or ITIL, and the ability to apply them strategically.ย
Proven ability to lead risk assessments, control testing programs, and regulatory response activities independently.ย
Advanced proficiency with GRC platforms (e.g., Archer), security monitoring tools (e.g., Splunk, Qualys, Wiz), and data analysis tools (e.g., Tableau, Grafana, Excel).ย
Strong executive communication skills; ability to present risk findings persuasively to senior leaders and non-technical audiences.ย
Track record of influencing risk practices and driving meaningful improvements in control environments.ย
Ability to operate independently and manage complex, multi-stakeholder workstreams.ย
Preferred:ย
Experience in a regulated financial institution with familiarity with OCC, Federal Reserve, or FDIC supervisory expectations.ย
Background in cloud infrastructure risk, cyber resilience, or enterprise architecture risk.ย
Experience designing or significantly improving risk management programs or frameworks.ย
Educationย
Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required; Master's degree strongly preferred.ย
One or more of the following certifications are preferred:ย
CISA (Certified Information Systems Auditor)ย
CRISC (Certified in Risk and Information Systems Control)ย
CISM (Certified Information Security Manager)ย
CISSP (Certified Information Systems Security Professional)ย
PMI-RMP (Risk Management Professional)ย
AWS Solutions Architect or Microsoft Azure Administratorย
Hours & Work Schedule
- Hours per Week: Monday-Friday
- Work Schedule: 40
- Hybrid: 4 days per week onsite, 1 day remoteย
#LI-Citizens1
Pay Transparency
The salary range for this position is $138,000 - $200,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the budget, work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits .
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Education:Why Work for UsEmployment Type: 1ST