Nasdaq is looking for a motivated and detail-oriented Senior Specialist - Technology Risk Management to join the Group Risk Management (GRM) team. This role will support the execution of technology risk management activities across Nasdaq’s global businesses, including regulated market infrastructure and technology solutions.
This position focuses on delivering practical risk oversight and assessment capabilities across a rapidly evolving technology landscape, including cloud modernization, artificial intelligence, operational resilience, and digital assets / blockchain initiatives. The Snr. Specialist will work closely with technology, business, and risk stakeholders to identify, assess, and monitor risks aligned with Nasdaq’s risk appetite and regulatory expectations.
This is an individual contributor role, offering the opportunity to build deep expertise in technology risk while contributing to high-impact initiatives across Nasdaq
Support the execution of technology risk assessments, including System Risk Assessments, Risk and Control Self-Assessments, and project / new initiative assessments
Supply to risk oversight of cloud modernization initiatives, including migration to AWS, cloud-native architectures, and associated risks (e.g., resilience, configuration, security)
Support risk activities related to AI governance and AI-enabled solutions, including consistency to policy requirements, use case approval processes, model and data risk considerations, and monitoring of AI-related risks
Assist in the identification and assessment of risks associated with blockchain technologies, including tokenization models, integration with traditional financial systems, and evolving market structure considerations
Support risk coverage of initiatives involving digital asset infrastructure and workflows, including areas such as collateral management, liquidity movement, and interaction between on-chain and traditional systems
Chip in to the development and maintenance of technology risk metrics, Key Risk Indicators (KRIs), and risk dashboards, enabling more effective monitoring and reporting
Support the delivery of risk reporting and insights to governance forums, including contributions to risk assessment results and risk profile updates
Partner with product engineering, infrastructure, and product teams to provide actionable risk mentorship and effective challenge on control develop and implementation
Support incident and issue management activities, including analysis of technology incidents (e.g., outages, security events) and identification of thematic risks and control gaps
Assist in embedding technology risk considerations into the product development lifecycle (PDLC), organisational change, and operational processes, including emerging areas such as automated/AI-assisted development
Give to initiatives to improve Nasdaq’s technology risk frameworks, methodologies, and tooling, including integration of risk processes with modern engineering and cloud environments
Collaborate with multi-functional risk and assurance teams (Information Security, Internal Audit, Compliance, Legal, Global Tech) to support a coordinated approach to risk management.
Technical and Risk Expertise
Solid understanding of key technology risk domains, including:
Cloud computing (AWS preferred), including shared responsibility model, cloud architecture patterns, and risks related to resilience, availability, and vendor dependency
Cyber security fundamentals, including identity and access management, data protection, and secure configuration practices
Software development lifecycle (SDLC / PDLC), including CI/CD, infrastructure-as-code, and organisational change processes
Operational resilience, including system availability, recovery (RTO/RPO), incident response, and service continuity
Familiarity with emerging technology risks, including:
Artificial Intelligence / Machine Learning, including governance frameworks, model risk considerations, data quality, bias, explain-ability, and monitoring
Agentic / automated AI systems and their implications for control develop, audit-ability, and human oversight
Digital assets and blockchain, including tokenization of financial assets and associated control considerations
Understanding of risk management concepts and frameworks, such as:
Risk identification, assessment, control evaluation, and issue remediation
Alignment to industry standards and regulatory expectations (e.g., NIST, ISO, DORA, or similar)
Awareness of evolving regulatory and supervisory expectations related to new technologies.
Experience supporting risk reporting, data analysis, or visualization is a plus.
Education Required: MSc, BSc or related discipline, or equivalent work experience
8-10 years of experience in technology risk, IT risk, cyber risk, operational risk, audit, or engineering / infrastructure roles within a technology-driven environment
Foundational understanding of modern technology environments, including cloud platforms, distributed systems, and application architectures
Exposure to risk assessment, control evaluation, or governance activities within a financial services, fintech, or regulated environment preferred
Strong analytical and problem-solving skills, with the ability to assess risks and identify practical solutions
Experience using structured techniques to analyze technology environments, such as developing data flow diagrams, process flow diagrams, or system interaction models to support risk identification and control assessment
Effective communication skills, with the ability to translate technical concepts into clear, business-relevant risk insights
Ability to work collaboratively across global teams and manage multiple priorities in a dynamic environment
Come as You Are
Nasdaq is an equal opportunity employer. We welcome applications from candidates of all backgrounds and identities.
We are committed to fostering an inclusive workplace where diverse perspectives, experiences, and identities are valued and celebrated.
We ensure that individuals with disabilities are provided with reasonable accommodation throughout the hiring process.
