Risk Management Associate

Prague, Czechia

Institutional Shareholder Services

Institutional Shareholder Services is the world’s leading provider of corporate governance and responsible investment solutions.


Let’s be #BrilliantTogether

The technology Risk Management Associate will play a key part in providing assurance and insight to the management of technology risks, controls and related change programs. The role collaborates closely with Engineering and other global teams (e.g., Risk, Compliance, Information Security) to ensure that technology risks are managed effectively and in compliance with regulatory requirements. The Risk Management Associate reports into the Risk & QA Associate Director, Stoxx Engineering.

The right candidate must be able to understand and assess risks, build relationships with diverse stakeholders, influence change across the organization, and prioritize issues and escalate appropriately.

Key Responsibilities:

  • Provide 1st line risk management support by operating and maintaining the Risk Register.

  • Conduct risk analysis to identify potential technology risks and vulnerabilities; gather and prepare information to present to the Risk Owner for decisions.

  • Track risk mitigation actions and plans with Application Owners (& others as appropriate) through to completion.

  • Work with Engineering teams to develop and implement risk mitigation strategies and controls.

  • Assist in the implementation of a control framework across Engineering.

  • Support the creation of risk reports to effectively convey risk and control assessments to senior management, highlighting control weaknesses, the evolving threat landscape, emerging risks, and much more.

  • Work closely and collaboratively with key stakeholders across the organization.

  • Engage with change programs to provide ongoing oversight of delivered technology risks.

  • Control effectiveness - collect and analyze data on control effectiveness and assess impact on risk posture. Process testing for effectiveness & compliance. Metric collation for KPI/KRI analysis to identify areas of process improvement.

  • Support teams with process improvement implementation, automation of metrics.

  • Participate in support of internal/external audits, findings, remediation, BCP, Regulatory assessments, RFIs from customers relating to Engineering.

Qualifications:

  • Bachelor's degree in IT, Computer Science, Risk Management, or a related field.

  • Prior experience in risk / controls assessments and ideally you will have experience with operating risk registers and/or GRC tooling.

  • Strong understanding of risk assessment methodologies and frameworks.

  • Knowledge of regulatory requirements and industry standards (e.g., ITIL, ISO 27001, NIST).

  • Excellent analytical and problem-solving skills.

  • Strong reporting and presentational skills.

  • Broad exposure to related disciplines within Risk (e.g. cyber, data, change) and awareness of market best practice in risk management within financial services.

  • Understanding of good governance practices and the principles of control environment design and operation.

Personal skills & capabilities:

  • Strong team and stakeholder management, problem solver, a self-sufficient individual with an ability to constructively address issues.

  • Able to work on multiple initiatives at once, prioritizing effectively.

  • Collaborative skills with the ability to work across disciplines ensuring collective accountability and individual responsibility for task ownership.

  • Effective communicator, sharing insight that translates technical concepts into clear and understandable language.

What You Can Expect from Us

At ISS STOXX, our people are our driving force. We are committed to building a culture that values diverse skills, perspectives, and experiences. We hire the best talent in our industry and empower them with the resources, support, and opportunities to grow—professionally and personally.

Together, we foster an environment that fuels creativity, drives innovation, and shapes our future success.

Let’s empower, collaborate, and inspire.

Let’s be #BrilliantTogether.

About ISS STOXX

ISS STOXX GmbH is a leading provider of research and technology solutions for the financial market. Established in 1985, we offer top-notch benchmark and custom indices globally, helping clients identify investment opportunities and manage portfolio risks. Our services cover corporate governance, sustainability, cyber risk, and fund intelligence. Majority-owned by Deutsche Börse Group, ISS STOXX has over 3,400 professionals in 33 locations worldwide, serving around 6,400 clients, including institutional investors and companies focused on ESG, cyber, and governance risk. Clients trust our expertise to make informed decisions for their stakeholders' benefit. 

STOXX® and DAX® indices comprise a global and comprehensive family of more than 17,000 strictly rules-based and transparent indices. Best known for the leading European equity indices EURO STOXX 50®, STOXX® Europe 600 and DAX®, the portfolio of index solutions consists of total market, benchmark, blue-chip, sustainability, thematic and factor-based indices covering a complete set of world, regional and country markets. STOXX and DAX indices are licensed to more than 550 companies around the world for benchmarking purposes and as underlyings for ETFs, futures and options, structured products, and passively managed investment funds. STOXX Ltd., part of the ISS STOXX group of companies, is the administrator of the STOXX and DAX indices under the European Benchmark Regulation. 

Visit our website: https://www.issgovernance.com

View additional open roles: https://www.issgovernance.com/join-the-iss-team/

Institutional Shareholder Services (“ISS”) is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. It is our policy to prohibit discrimination or harassment against any applicant or employee on the basis of race, color, ethnicity, creed, religion, sex, age, height, weight, citizenship status, national origin, social origin, sexual orientation, gender identity or gender expression, pregnancy status, marital status, familial status, mental or physical disability, veteran status, military service or status, genetic information, or any other characteristic protected by law (referred to as “protected status”).  All activities including, but not limited to, recruiting and hiring, recruitment advertising, promotions, performance appraisals, training, job assignments, compensation, demotions, transfers, terminations (including layoffs), benefits, and other terms, conditions, and privileges of employment, are and will be administered on a non-discriminatory basis, consistent with all applicable federal, state, and local requirements. 

Category: Compliance Jobs

Tags: Audits Automation Compliance Computer Science Governance ISO 27001 ITIL NIST Risk analysis Risk assessment Risk management Vulnerabilities

Perks/benefits: Equity / stock options Team events

Region: Europe
Country: Czechia
