Technology Risk Engineer - Vendor Risk Management

Post Date

May 27, 2026

Location

Dallas, Texas

ZIP/Postal Code

75201
US
Jul 26, 2026 Insight Global

Job Type

Contract

Category

Audit

Req #

DAL-e390494b-4cf2-4872-9368-8284c556374d

Pay Rate

$32 - $40 (hourly estimate)

Job Description

A large investment banking client is looking for a Tech Risk Engineer to join their Transaction Banking team. This is a hands-on technical role responsible for assessing technology and cybersecurity risks posed by third-party vendors, designing risk treatment plans, and driving remediation in partnership with vendors and internal stakeholders. The role bridges deep technical expertise with risk governance, ensuring vendor-introduced risks are identified, quantified, and resolved in alignment with the organization’s risk appetite.

Responsibilities will include:
1. Vendor Technology Risk Assessment
   - Perform in-depth technical risk assessments of vendors across cybersecurity, cloud architecture, data protection, application security, infrastructure resilience, and operational technology.
   - Review SOC 1/SOC 2 Type II reports, ISO 27001 certifications, penetration test results, SBOMs, threat models, and architecture diagrams.
   - Conduct technical deep-dives on vendor environments, including API security, encryption standards, IAM configurations, network segmentation, and secure SDLC practices.
   - Evaluate vendors against frameworks such as NIST CSF 2.0, NIST SP 800-161, ISO 27001/27036, CIS Controls, PCI-DSS, and Cloud Security Alliance CCM.
2. Risk Treatment Planning
   - Develop risk treatment plans (accept, mitigate, transfer, avoid) tailored to each finding's severity, likelihood, and business impact.
   - Define compensating controls, technical safeguards, and contractual provisions to reduce residual risk.
3. Remediation & Stakeholder Engagement
   - Partner directly with vendor security teams, engineers, and account managers to drive remediation of identified risks.
   - Collaborate with internal InfoSec, Cloud Engineering, Application Security, and Business Owners to implement treatment plans.
   - Facilitate technical workshops and remediation reviews with vendors to validate fixes and closure evidence.
   - Track remediation progress, manage exceptions, and ensure timely closure within SLAs.
   - Document key processes, transaction flow and controls across the business for internal and external use.
   - Assist in fact-finding, data analysis, and supporting documentation collation in response to findings.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

- 3-5 years of experience in one or more of the following areas: information security, technology governance, operational risk, technology or cybersecurity audit, regulatory compliance, third party risk management
- B.S. or higher in Computer Science, Cybersecurity, or Information Security
- Experience in financial services or fintech
- Strong understanding of technology implications of regulations
- Ability to understand internal and external processes and integration to understand risks and identify controls
- Experience conducting audits (SOX, SOC 1, SOC 2, ISO 27001, etc.) or control assessments
- Experience with vendor management
- Experience communicating with high-level global stakeholders on reporting
- Strong documentation skills and ability to create standard operating procedures

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.