Job Information

TIAA Technology Risk Senior Associate in New York, New York

The Technology Risk Sr. Associate role is responsible for supporting second line of defense (2LoD) challenge of the implementation and support of IT and cyber risk management programs supporting enterprise functions and line of business areas, specifically the Corporate and OCOO Technology, and Nuveen Technology teams. This role will also support the identification and reporting of significant risks and controls weaknesses.

Key Responsibilities and Duties

  • Responsible for supporting the Issue Management Program and providing appropriate governance and challenge to ensure the execution of program requirements and mitigation of risk to the enterprise. Provide 2LoD challenge for:

  • Issue rating criticality and linkage to the Risk & Control Self-Assessment (RCSA) program.

  • Action plans to ensure they fully address the identified control gaps.

  • Risk-accepted issues for adherence to requirements and escalation as appropriate.

  • Responsible for working closely with first line of defense (1LoD) IT staff and issue / action plan owners to ensure they understand Issue Management Program expectations and provide guidance as needed.

  • Support the implementation and maturation of the RCSA program and related processes:

  • Effectively coordinate with the IT Risk to ensure that the implementation of the RCSA program includes the appropriate identification of technology risks and control weaknesses, including the identification of thematic risks based on breaks identified in the ARA (Application Risk Assessment) program.

  • Work in collaboration with business-aligned control teams to ensure RCSAs provide a full view of the technology control environment that the businesses are reliant upon to support their critical business functions.

  • Review and track the root causes for major technology incidents to identify and highlight potential broader problems.

  • Support the proactive identification emerging risks and trends (internal and external) that may impact business groups and their ability to achieve objectives.

  • Monitor supplier risks associated with third-party application control gaps or weaknesses.

  • Monitor and escalate Affiliate Risk and Control Gaps to ensure that the plans for remediation and potential integration are realistic and escalate where deals are impactful.

  • Provide support to management for producing risk management committee materials, metrics reporting and other related analysis, as needed.

  • Assist with the identification of new KRIs, KPIs or KCIs as needed, to ensure that metrics coverage for key control areas is sufficiently comprehensive.

Educational Requirements

  • University (Degree) Preferred

Work Experience

  • 3+ Years Required; 5+ Years Preferred

Physical Requirements

  • Physical Requirements: Sedentary Work

Career Level


Required Qualifications:

  • 3+ years of experience in one or more of the following disciplines: IT Risk Management, IT Audit, Information Technology or Cybersecurity functional areas

Preferred Qualifications:

  • 5+ years of experience in one or more of the following disciplines: IT Risk Management, IT Audit, Information Technology or Cybersecurity functional areas

  • Bachelor’s Degree in Information Technology (IT), Cybersecurity / Fraud, or other IT Compliance / Audit-related disciplines

  • Knowledge of industry IT security control frameworks and / or regulations (e.g., COBIT, NIST, ISO, GDPR, NY DFS)

  • Understanding of technology operations, software development, and change management processes

  • Experience in performing risk assessments and evaluating technology-related risks and controls

  • Strong verbal/written communication and time management skills.

  • Certifications: CISSP, CRISC, CISM, CISA or equivalent.

  • Experience with third-party risk management.

  • Experience in the use of tools to export data and/or create reports (e.g., Excel, Tableau, Archer GRC).

  • Working knowledge and/or experience with various cloud service models (e.g., IaaS, PaaS, SaaS) and configurations to implement controls.

  • Knowledge of application development lifecycles and methodologies (e.g., Agile).

  • Relationship management skills to build trust and effective working relationships.

  • A “self-starter” and the ability to demonstrate flexibility with assignments.

  • Strong technology acumen, critical thinking, and analytical skills.

Base Pay Range: $87,300/yr. - $145,500/yr.

Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).

Company Overview

TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.

Benefits and Total Rewards

The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary ( .

Equal Opportunity

We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.

Read more about the Equal Opportunity Law here ( .

Accessibility Support

TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.

If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:

Phone: (800) 842-2755


Privacy Notices

For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here ( .

For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here ( .

For Applicants of Nuveen residing in Europe and APAC, please click here ( .

For Applicants of Greenwood residing in Brazil (English), click here ( .

For Applicants of Greenwood residing in Brazil (Portuguese), click here ( .

For Applicants of Westchester residing in Brazil (English), click here ( .

For Applicants of Westchester residing in Brazil (Portuguese), click here ( .

TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being.