Arrowstreet Capital
systematic investment
TechnologyRiskandGovernance
Neural analysis suggests this role is
optimal for Mid+ candidates.
“Technology Risk and Governance at Arrowstreet Capital. Skills: Technology risk framework ownership, Governance model establishment, Risk assessment and control evaluation process design, AI risk governance leadership, Technology risk policy suite ownership, Third-party risk oversight. Own the enterprise technology risk framework and governance model.. Provide advisory support for material technology decisions.”
What You'll Achieve.
Identify, assess, and mitigate risk across IT services, platforms, and third parties.; Translate complex technical and control issues into clear business risk narratives.; Drive risk-based prioritization of remediation.; Ensure technology risks are identified, documented, reported, and addressed through effective controls, risk acceptance, and continuous improvement.; Increase risk visibility and strengthen governance.; Ensure technology risk policies are implemented, reviewed regularly, and supported through training and awareness.; Ensure threat, vulnerability, patch, and incident risk governance aligns to the current threat landscape and control expectations.; Drive operational resilience for technology services.
Industry & Context.
What They're Looking For.
Must Have
Experience leading technology risk, IT risk, cyber/operational risk, or technology governance in a regulated environment., Demonstrated ability to design and implement risk frameworks and governance processes, including assessment, prioritization, remediation tracking, and risk acceptance., Broad technical knowledge across enterprise IT (infrastructure, applications, identity and access management, cloud/SaaS, and data governance) and how controls mitigate risk., Stakeholder management skills with a track record of influencing senior leaders and driving outcomes across Technology, Compliance, Legal, and Internal Audit., Excellent written, verbal, and presentation able to communicate complex technical risk issues clearly to executives and governance committees., Experience in developing and defining enterprise risk level appetite, tolerance thresholds, and escalation criteria., Ability to challenge control owners constructively and drive accountability and remediation.
Nice to Have
Familiarity with industry regulations and standards (SOX, PCI, DORA) and technical frameworks (e.g., NIST, ISO 27001) and attack frameworks (e.g., MITRE ATT&CK or similar)., Experience interacting directly with regulators, auditors, and board risk committees., Understanding of secure software development and application security risks
What You'll Do.
Own the enterprise technology risk framework and governance model.
Provide advisory support for material technology decisions.
Establish governance and reporting for senior management on IT
and emerging technology risks.
Design and continuously improve technology risk assessment and control evaluation processes.
Lead and mature AI risk governance.
Support enterprise data governance initiatives.
Own the technology risk policy suite and standards.
Oversee technology aspects of third-party risk.
Partner with Cyber Security to ensure threat
and incident risk governance aligns to the current threat landscape and control expectations.
Drive operational resilience for technology services.
and internal audit engagements related to technology risk.
How You'll Work.
Team & Collaboration
Partnering with senior leadership across Technology, Cyber Security, Compliance, Legal, and business.; Partnering with the Chief Compliance Officer and risk owners.; In partnership with IT, Security, Compliance, and the business.; In collaboration with Technology and business stakeholders.; In partnership with Compliance and procurement stakeholders.; Partner with Cyber Security.
Communication Scope
Excellent written, verbal, and presentation skills.; Able to communicate complex technical risk issues clearly to executives and governance committees.
Full Job Description
**Job Overview** The position reports to the Chief Information Security Officer and leads the enterprise-wide technology risk and governance program. This role establishes the risk framework, policies, and governance needed to identify, assess, and mitigate risk across IT services, platforms, and third parties. Partnering with senior leadership across Technology, Cyber Security, Compliance, Legal, and business, the role translates complex technical and control issues into clear business risk narratives (operational, regulatory, reputational, and financial) and drives risk-based prioritization of remediation. The position owns the technology risk policy suite and associated standards and oversees the technological aspects of the third-party risk program, including vendor onboarding due diligence and ongoing monitoring in partnership with Compliance and procurement stakeholders. This role is a key contributor to enterprise risk management, partnering with the Chief Compliance Officer and risk owners to ensure technology risks are identified, documented, reported, and addressed through effective controls, risk acceptance, and continuous improvement. It also evaluates and implements tools and reporting to increase risk visibility and strengthen governance. **Responsibilities** * Own the enterprise technology risk framework and governance model, aligned to the organization’s enterprise risk framework. * Provide advisory support for material technology decisions (new systems, products, vendors, and significant changes), translating technical and control issues into business impact. * Establish clear governance and reporting for senior management and committees on material IT, cyber, third-party, and emerging technology risks, including key risk indicators and metrics. * Design and continuously improve technology risk assessment and control evaluation processes, including remediation tracking and governance for risk acceptance, waivers, and exceptions. * Lead and mature AI
Applying for this Technology Risk and Governance role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Arrowstreet Capital?
Real rants from real employees. Read before you apply.