Senior Manager, Info & Risk Control
Atlanta, United States
Invesco
Invesco Corporate is home to our latest company news, financials, and business updates. Learn how we are committed to creating greater possibilities for our clients.
As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.
If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!
Job Description
Duties:
- Lead the development of an information risk & control framework to enhance the firm’s second line of defense across STS (Services, Technology and Security)
- Drive consistency across STS business functions (Technology, Security, and Data) in the way risks are identified and controls are implemented, and share best practices and learnings across STS business functions
- Analyze current risks and identify/monitor emerging risks which can affect STS; report out to appropriate audiences to ensure current and emerging risks are understood and mitigating tactics mobilized
- Work in partnership with the first line of defense to review implementation of framework(s) and standard(s) that strengthen the control environment and improve STS processes that identify key risks and controls, and test and review their effectiveness
- In partnership with Internal Audit, Global Compliance, and Risk, provide independent checks and challenges to the first line of defense
- Provide support to identify, measure, escalate, report, and track incidents across STS in accordance with the global policies
- Lead development of a robust set of KRIs (Key Risk Indicators) to ensure control adequacy, quality and efficacy across STS
- Lead implementation of risk management policies & procedures and a governance structure to ensure the right level of risk oversight and reporting across STS, ensuring that regional regulatory requirements are fully considered
- Leverage industry networks and associations to stay abreast of industry developments in technology, operational, and security risk management
- Partner with the broader internal risk community (Business Control functions, Finance, Cyber, Privacy, Internal Audit, Compliance, Third Party Risk Management, and External Audit) as well as key global business stakeholders
- Drive risk awareness in employees through training and education interventions to enhance understanding of risk and promote a risk awareness culture.
Requirements:
- Must have a Master’s degree in Computer Science, Information Security, Information Science or related technical field
- Must have passed at least of the following exams towards certification: FRM, CRISC, CISSP, CIPP, or CISA.
- Must have 5 years of experience in information risk and/or IT audit positions performing/utilizing the following:
  - Driving risk management across various lines of defense in a global financial services environment and operational risk consulting.
  - Defining and implementing information risk management and control frameworks with advanced risk analysis.
  - Identifying, assessing, and prioritizing various types of risks, including emerging technologies, cloud computing, and AI/ML.
  - Scripting risk assessment models, automating reports, and analyzing large datasets for risk pattern identification.
  - Python for data analysis and automation.
  - Risk analysis within DevSecOps environments, evaluating and mitigating security risks throughout the software development lifecycle, particularly in CI/CD and automated testing processes.
  - Functionally managing various projects & functions and managing audit projects.
  - Understanding global and regional regulations and standards related to information security, data protection, and technology.
  - AWS, including an in-depth understanding of its security features, compliance standards, and best practices for risk management in the cloud.
  - Performing risk evaluations for network perimeters.
  - Comprehensive cloud and risk management, including managing and securing Cloud environments with a focus on AWS and Azure-specific security features, conducting risk assessments on deployment templates with AWS CloudFormation and Azure Resource Manager Templates.
  - Implementing industry-standard risk management frameworks, including COBIT (Control Objectives for Information and Related Technologies), and NIST (National Institute of Standards and Technology) guidelines.
  - DevSecOps practices, including setting up CI/CD pipelines, automated testing, security scanning tools, and development of applications using Python with various AWS services.
  - API development and management, focusing on securing RESTful APIs, SOAP, and managing API gateways.
  - Conducting risk assessments in specialized IT environments, including comprehensive evaluations of Active Directory environments.
- Must have at least 2 years of experience with:
  - Building risk organization(s).
  - Google Cloud Platform (GCP).
  - SIEM for monitoring, detecting, and responding to security incidents.
  - Implementing Terraform for Infrastructure as Code (IaC).
  - AWS CloudFormation for infrastructure automation.
  - Conducting risk analysis of infrastructure managed through Terraform, identifying potential vulnerabilities and inefficiencies in automated cloud infrastructure setups.
  - Working with AI/ML platforms and tools.
  - Blockchain and distributed ledger technologies, focusing on their security and risk implications in various sectors.
  - Kubernetes for container orchestration, including deployment, scaling, and management of containerized applications, as well as managing Kubernetes environments using Rancher, Amazon Elastic Kubernetes Service (EKS) and Azure Kubernetes Service (AKS).
  - Risk assessment and auditing within Kubernetes environments such as Rancher, EKS, and AKS, emphasizing the security of containerized applications and infrastructure.
- Position may be eligible to work remotely but is based out of and reports to Invesco offices in Atlanta, GA. Must be available to travel to Atlanta, GA regularly for meetings and reviews with manager and project teams within 24-hours’ notice.
Apply online or email resume to: Niamh McNamee, Global Mobility Specialist, Niamh.McNamee@invesco.com
Full Time / Part Time: Full time
Worker Type: Employee
Job Exempt (Yes / No): Yes
Workplace Model: At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office.
What’s in it for you?
Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including:
- Flexible paid time off
- Hybrid work schedule
- 401(K) matching of 100% up to the first 6% with a discretionary supplemental contribution
- Health & wellbeing benefits
- Parental Leave benefits
- Employee stock purchase plan
The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.
Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.
Tags: Active Directory APIs Audits Automation AWS Azure Blockchain CI/CD CIPP CISA CISSP Cloud COBIT Compliance Computer Science CRISC DevSecOps Finance GCP Governance Kubernetes Monitoring NIST Privacy Python Risk analysis Risk assessment Risk management Scripting SDLC SIEM Terraform Vulnerabilities
Perks/benefits: Equity / stock options Flex hours Flex vacation Health care Parental leave