1

Technology Risk Jobs in New York (NOW HIRING)

VP - IT Risk Management

New York, NY

$171K - $215K/yr

Company Description A Major International Bank, their Risk Management Department (Midtown) is seeking a VP - IT Risk Management, and VP Operational Risk in their HQ NYC office. The incumbent will be ...

The IT Risk and Compliance Analyst position is a highly visible, client facing role which works closely with the Legal and Business Unit stakeholders and reports to the IT Risk and Compliance Manager.

next page

Showing results 1-20

Technology Risk information

See New York salary details

$15

$33

$81

How much do technology risk jobs pay per hour?

As of Jul 4, 2026, the average hourly pay for technology risk in New York is $33.19, according to ZipRecruiter salary data. Most workers in this role earn between $21.30 and $42.36 per hour, depending on experience, location, and employer.

What are some common challenges faced by professionals working in Technology Risk roles?

Professionals in Technology Risk often encounter challenges such as keeping up with rapidly evolving cyber threats, ensuring regulatory compliance across different jurisdictions, and effectively communicating technical risks to non-technical stakeholders. Balancing proactive risk mitigation with the need to support business innovation can also be demanding. Collaboration with IT, legal, and business units is essential to identify vulnerabilities and implement practical controls without hindering productivity.

What are the key skills and qualifications needed to thrive in Technology Risk, and why are they important?

To thrive in Technology Risk, you need a solid understanding of IT systems, cybersecurity principles, risk management frameworks, and often a degree in information technology or a related field. Familiarity with tools like GRC (Governance, Risk, and Compliance) platforms, vulnerability assessment software, and certifications such as CISA, CISSP, or CRISC are commonly required. Strong analytical thinking, attention to detail, and effective communication skills help professionals assess threats and convey complex risk issues to diverse stakeholders. These skills ensure organizations can proactively identify, assess, and mitigate technology risks to protect assets and maintain regulatory compliance.

What jobs are at risk due to technology?

Technology risk professionals are concerned that automation, artificial intelligence, and evolving cybersecurity threats could impact roles such as manual data entry, basic IT support, and routine compliance tasks. These jobs may be increasingly automated or require advanced technical skills to adapt to changing technology environments.

What is the difference between Technology Risk vs Cybersecurity Analyst?

AspectTechnology RiskCybersecurity Analyst
Primary FocusIdentifying and managing technology-related risks to business operationsProtecting systems and data from cyber threats and attacks
CertificationsCRISC, CISSP, CISACISSP, CEH, Security+
Work EnvironmentRisk management teams, compliance departmentsSecurity operations centers, IT security teams
Industry UsageFinance, healthcare, technology firmsAny industry with digital assets, especially finance and government

Technology Risk professionals focus on assessing and mitigating risks associated with technology systems and processes, ensuring compliance and reducing potential disruptions. Cybersecurity Analysts primarily work to defend systems from cyber threats, focusing on security measures and incident response. While both roles involve technology and security, their core objectives and daily tasks differ significantly.

What tech jobs are safe?

Technology Risk professionals focus on identifying and mitigating risks related to IT systems, cybersecurity, and data protection. These roles are generally stable due to ongoing cybersecurity threats and regulatory requirements, and often require skills in risk assessment, compliance, and familiarity with security tools. Continuous learning and certifications like CISSP or CISA can enhance job security in this field.

What is an example of a technology risk?

A technology risk for a Technology Risk professional involves potential threats to information systems, such as cybersecurity breaches, data loss, or system failures. These risks can result from vulnerabilities in hardware, software, or network security, and managing them requires skills in risk assessment, controls, and compliance frameworks like ISO 27001.

What is Technology Risk?

Technology risk refers to the potential for losses or disruptions in an organization due to failures, vulnerabilities, or misuse of technology systems and infrastructure. Professionals in technology risk assess, manage, and mitigate risks related to cybersecurity, data privacy, IT systems, and compliance with regulations. Their work is crucial for protecting sensitive information, ensuring business continuity, and maintaining trust with clients and stakeholders.

What is the technology risk role?

A technology risk role involves identifying, assessing, and managing risks related to information technology systems and infrastructure. Professionals in this field analyze vulnerabilities, implement controls, and ensure compliance with security standards, often using tools like risk assessment frameworks and cybersecurity certifications. The role supports organizations in minimizing technology-related threats and ensuring operational resilience.
What are the most commonly searched types of Technology Risk jobs in New York? The most popular types of Technology Risk jobs in New York are:
Director-Tech Risk & Control (Software Development & Enterprise Architecture)

Director-Tech Risk & Control (Software Development & Enterprise Architecture)

American Express

New York, NY

Full-time

Posted 11 days ago


American Express rating

8.5

Company rating: 8.5 out of 10

Based on 35 frontline employees who took The Breakroom Quiz

25th of 146 rated financial services


Job description

At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

Joining ETS Governance & Control means helping protect American Express customers and company through integrated, intelligence-driven technology risk and control management. Operating at the intersection of technology, governance, and risk, the team partners across the enterprise to modernize the foundation, advance risk intelligence, demonstrate trust at scale, and reduce material risk-enabling innovation with the right controls in place.

By building simplified, consistent frameworks and embedding continuous assurance, ETS Governance & Control enhances transparency, accountability, and sustainable risk reduction. The work is about empowering confident decisions, accelerating responsible delivery, and ensuring controls evolve with the business to strengthen trust and reduce enterprise risk at scale.

Role Overview

The Director, Technology Risk and Control (Software Development & Enterprise Architecture) is a senior leader within the Technology Governance & Control organization, accountable for risk advisory, governance, and control oversight across secure software development, engineering practices, enterprise architecture, and emerging technology domains.

This role partners with leaders across Technology, Engineering, Enterprise Architecture, Cybersecurity, Product, and Operational Risk to ensure technology risks are identified, assessed, governed, and mitigated through a robust Risk and Control Self-Assessment (RCSA) framework.

The successful candidate will bring deep expertise in technology risk management, software engineering and enterprise architecture practices, and governance of AI/ML and other emerging technology solutions within large, complex, and highly regulated environments.

  • Bachelor's degree in information technology, information security, risk management, business, or a related discipline And/ Or equivalent experience required
  • 10+ years of experience in technology risk management, operational risk, IT audit, software engineering, enterprise architecture, cybersecurity, or closely related fields.
  • 5+ years of leadership experience in risk, controls, governance, and technology functions.
  • Demonstrated experience leading RCSA programs and technology risk assessments in large, complex organizations.
  • Strong understanding of software development methodologies, cloud environments, and enterprise architecture practices.
  • Proven ability to influence senior executives and provide effective challenge on strategic technology decisions.
  • Strong analytical and problem-solving skills, with the ability to translate complex technical and regulatory concepts into clear risk insights.
  • Exceptional executive communication, stakeholder management, and presentation skills.

Preferred Qualifications

  • Experience leading technology risk governance across software development, SDLC, engineering, architecture, and emerging technology domains.
  • Experience supporting regulatory examinations and internal or external audits.
  • Professional certifications such as CISA, CISSP, CRISC, CISM, CGEIT, or equivalent.
  • Advanced degree in information security, risk management, business, or a related discipline.
  • IT/IS background - SDLC or Architecture is a plus

Risk Advisory Leadership

  • Serve as the accountable risk and control lead for software development and enterprise architecture domains.
  • Provide strategic risk advisory and credible challenge to senior technology leaders on risk identification, mitigation, and acceptance decisions.
  • Lead RCSA execution across the domain, including risk identification, control assessment, and residual risk evaluation.
  • Maintain risk profiles, taxonomies, and control inventories that support consistent oversight across engineering and architecture functions.
  • Drive quality and consistency in assessments, issue management, remediation, and reporting across the domain.

Technology Risk Assessment

  • Oversee risk assessments related to software delivery, engineering practices, application architecture, third-party integrations, and platform dependencies.
  • Support assessment of control design and operating effectiveness, and recommend enhancements where needed.
  • Advise leadership on the risk implications of technology strategy, architectural decisions, and transformation programs.

AI and Emerging Technology Risk Advisory

  • Provide risk advisory for AI/ML and emerging technology solutions, including AI use in software development such as code generation, test automation, documentation, and engineering workflow support.
  • Assess risks related to AI-assisted software development, including code quality, insecure code generation, data leakage, prompt and input handling, model provenance, third-party tools, lifecycle governance, explainability, privacy, regulatory compliance, and AI security.
  • Partner with engineering and enterprise architecture teams to embed risk-by-design principles, human review, approval controls, and secure development practices into AI-enabled software delivery processes.
  • Advise on governance frameworks, control standards, and auditability requirements that support the responsible use of AI in software development and broader enterprise adoption at scale.

Governance, Reporting, and Regulatory Engagement

  • Lead the preparation and presentation of risk insights, emerging themes, and recommendations for senior leadership and governance forums.
  • Develop meaningful risk metrics, key risk indicators, and management reporting to support informed decision-making.
  • Support internal audits, regulatory examinations, and external assessments with clear, well-structured risk and control narratives.
  • Ensure alignment with enterprise risk frameworks, policies, standards, and regulatory expectations.

Stakeholder Management

  • Build strong partnerships across Engineering, Architecture, Cybersecurity, Data, Product, Compliance, and Operational Risk.
  • Influence senior leaders and promote risk-informed decision-making across strategic initiatives.
  • Act as a trusted advisor on technology risk, governance, and transformation priorities.

Team Leadership

  • Lead and develop risk professionals supporting technology risk and control activities.
  • Foster a culture of accountability, continuous improvement, and strong risk awareness.
  • Build team capability through coaching, development planning, and succession management.

What American Express employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom