Risk Management Lead
- FIA-Tech
- New York, New York
- 1 day ago
- Full Time
Job Summary
Job Description
FIA Tech is the leading technology provider to the exchange traded derivatives industry. Owned by a consortium of thirteen leading clearing firms and the Futures Industry Association (FIA), FIA Tech is committed to serving the industry and launching innovative solutions to improve market infrastructure across the listed and cleared derivatives industry. FIA Tech works in close partnership with the broader industry, including exchanges, clearinghouses, clearing firms and other intermediaries, as well as independent software vendors, buyside firms and end users to bring efficiency to the exchange traded and cleared derivatives industry. Some of our benefits include company-paid medical, dental, vision benefits, a 9% company contribution into your 401k, and rich parental leave benefits. Our employees also enjoy having the period from Christmas Eve to New Year’s Day off every year. FIA Tech is proud to be Great Place to Work Certified.
About the role:
We are seeking a technically proficient and analytically driven Risk Management Lead to join our team, with a focus on identifying, assessing, and mitigating complex security risks across infrastructure, applications, and cloud environments. This mid-career role requires a strong grasp of technical risks including vulnerabilities, threat vectors, misconfigurations, and architectural weaknesses — particularly in the context of platforms serving the global financial services industry.
The ideal candidate will have experience translating technical findings into prioritized, actionable remediation plans and collaborating with engineering, infrastructure, and external service teams to implement scalable security controls. This role is critical in helping the organization maintain a high-assurance security posture that meets both internal standards and external client and regulatory expectations.
What you'll do:
This role requires strong technical acumen, problem-solving capabilities, and the ability to analyze, interpret, and prioritize complex technical risks. The ideal candidate will work cross-functionally with technical, operations, and business stakeholders to plan, design and execute the implementation of effective security controls and risk mitigation. Key responsibilities are organized into the following areas:
1. Technical Risk Assessment & Mitigation
- Identify and assess security risks across infrastructure, applications, and cloud environments.
- Translate technical vulnerabilities and threat intelligence into prioritized, actionable remediation plans.
- Conduct platform-level risk assessments and ensure alignment with secure design principles.
- Lead and support technical initiatives to improve platform security (e.g., secure connectivity, identity federation, encryption, availability).
2. Security Strategy, Architecture & Implementation
- Partner with R&D, TechOps, and service providers to design and implement effective mitigation strategies.
- Develop and maintain security roadmaps, implementation workstreams, and control frameworks.
- Participate in security architecture reviews and provide guidance on secure cloud strategy for high-assurance environments.
- Maintain awareness of emerging technologies, threats, and regulatory trends to inform security decisions.
3. Risk Register Ownership
- Manage the enterprise risk register and maintain the risk and audit calendar.
- Ensure security program compliance with financial services regulations and frameworks (e.g., ISO 27001, SOC 2, GDPR).
- Conduct internal readiness assessments, including tabletop exercises and internal audits.
- Oversee employee security awareness training and ensure organization-wide alignment with risk policies.
4. Incident Response & Third-Party Risk Management
- Provide hands-on leadership for incident response and threat analysis.
- Conduct security reviews of critical service providers and participate in third-party risk management activities.
- Contribute to the development and refinement of security policies, standards, and procedures.
Qualifications:
To thrive in this role, you should bring a mix of deep technical expertise, practical risk management experience, and the ability to drive collaborative execution across complex environments. We’re looking for someone who has "been there, done that" in securing distributed systems within regulated industries like financial services. This means you bring:
- Proven experience assessing and managing technical security risks in distributed, cloud-native, and containerized environments (AWS is a must; Kubernetes, microservices).
- Strong understanding of operational resiliency, fault tolerance, and secure architecture principles in complex systems.
- Hands-on expertise with cloud security tools and runtime security monitoring integrated into DevOps pipelines.
- Familiarity with third-party risk assessments and vendor security management in a global regulatory context.
- Ability to translate complex technical risks into clear, prioritized action plans and lead cross-functional teams to deliver remediation.
- Bonus for scripting or automation skills (Python, PowerShell, Terraform).
- Relevant certifications (CISSP, CISM, CRISC, AWS Security Specialty) encouraged but not required.
$160 – 175K total comp
Job ID: 487213603
Originally Posted on: 7/29/2025