
Director of Technology Risk & Controls
Job Description
Rockefeller Capital Management was established in 2018 as a leading independent financial advisory services firm. Originally founded in 1882 as the family office of John D. Rockefeller, the Firm has evolved to offer strategic advice to ultra- and high-net-worth individuals and families, institutions, and corporations from offices in 33 markets throughout the United States, as well as an office in London. The Firm oversees $221 billion in client assets as of May 31, 2026.
Position
The Director of Technology Risk & Controls will serve as the first-line owner of Technology risk and controls across Rockefeller Capital Management. This role has enterprise-wide accountability for identifying, assessing, and managing technology risks, while enabling innovation and facilitating governance in areas like artificial intelligence (AI), automation, and other emerging technologies. The role ensures that effective risk management practices and controls are embedded into day-to-day technology delivery, supporting the firm’s fiduciary obligations, protecting client trust, and safeguarding the stability, resilience, and integrity of Rockefeller’s technology platforms. This leader will play a pivotal role in shaping and executing the firm’s technology risk and control strategy in close partnership with key stakeholders.
Responsibilities
- Serve as the first-line owner for all technology risk and controls across the firm’s Technology domains — engineering, cloud infrastructure, data platforms, networks, end-user devices, and digital products — with direct accountability for the end-to-end RCSA lifecycle (risk identification, control design, testing, issue tracking, and reporting), operating within the firm’s defined risk appetite and tolerance thresholds and fostering a risk-aware culture across all Technology teams.
- Lead technology risk governance, including oversight of enterprise control frameworks, governance structures, and decision rights across Technology; develop and maintain a structured hierarchy of IT policies, standards, and procedures across key control domains (IAM, data protection, change management, SDLC, and vendor oversight); and implement consistent controls across engineering, infrastructure, and data platforms, including application and process-level controls supporting financial, operational, and regulatory requirements.
- Serve as the central coordination point for all Technology-related regulatory exams and internal/external audits, managing the full audit lifecycle including evidence collection, walkthroughs, and issue remediation; own first-line compliance monitoring and regulatory reporting for the Technology organization, including control-effectiveness measurement and risk trend and scenario analysis.
- Establish and execute first-line risk governance for technology and information security controls — including vulnerability management, patching, endpoint security, network security, and data protection — setting control requirements, monitoring effectiveness, and challenging Information Security and Engineering teams to ensure risks are continuously identified, prioritized, remediated, and monitored in accordance with firm standards and regulatory expectations.
- Manage first-line risk governance for AI, automation, and other emerging technologies, ensuring robust controls and responsible AI practices are embedded throughout implementation lifecycles and strong data governance is enforced; assess and manage technology and data risks associated with third-party platforms, vendors, and strategic partnerships to ensure external services meet the firm’s risk and compliance standards.
- Partner with the Technology team to define and embed risk and control requirements and assurance gates throughout the full software development and delivery lifecycle — from requirements and design through secure development, testing, deployment, and ongoing operations — independently verifying adherence and ensuring risk controls are operationalized in day-to-day technology processes.
- Oversee first-line technology incident management — cyber and operational — setting escalation and reporting standards, monitoring that incidents are contained and remediated by Security Operations and Production teams, and coordinating response, reporting, and post-incident review in close partnership with Enterprise Risk, Compliance, Legal, and other control functions.
- Maintain a comprehensive, forward-looking view of the firm’s technology risk posture; define and maintain the technology risk metrics framework including KRIs, KPIs, and control-effectiveness measures; and produce executive and board-level risk dashboards and audit-ready evidence to provide actionable insights to senior leadership and support governance forums and regulatory transparency.
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, Engineering, or a related discipline; advanced degree preferred
- 10+ years of experience in technology risk management, IT controls, or related roles within financial services or similarly regulated environments
- Demonstrated expertise in AI, automation, and emerging technology risk, including model risk management, data governance, and responsible AI frameworks
- Proven track record designing, implementing, and leading enterprise technology risk and control frameworks in complex organizations
- Strong technical acumen across financial services platforms, preferably wealth management, including digital client experiences, data platforms, cloud environments, and third‑party technology ecosystems
Skills
- Demonstrated ability to operate as a firm‑wide leader, setting strategic direction for the firm’s technology risk and control platform and influencing outcomes at the most senior levels of the organization.
- Strong executive presence, judgment, and communication skills.
- Collaborative, cross-functional leader who combines entrepreneurial energy with hands-on execution to deliver measurable risk reduction and business outcomes.
- Proven track record of translating technical, operational, and emerging risks into actionable business, client, and governance insights.
- Able to translate technical and risk concepts into actionable business and regulatory insights.
- Strategic thinker, passionate about identifying opportunities and driving change.
- Intellectually curious, global perspective, high energy, driven, ambitious, commercial; wants to win and works well in a fast-paced environment.
- Adaptable, comfortable in ambiguity, with strong ability to creatively solve problems, communicate ideas, drive agendas, and build consensus.
Compensation Range
The anticipated base salary range for this role is $225,000 to $275,000. Base salary for the role will depend on several factors, including a candidate’s qualifications, skills, competencies, and experience, and may fall outside of the range shown. In addition, this role may be eligible for a discretionary bonus. Rockefeller Capital Management offers a comprehensive benefit package including health coverage, vacation time, paid leave, retirement plan, and more. Visit careers.rockco.com to learn more about additional opportunities and benefits offerings.
Disclosure
Rockefeller & Co. LLC, Rockefeller Financial LLC, Rockefeller Trust Company, N.A., The Rockefeller Trust Company (Delaware), Rockefeller Financial Services, Inc. and all other subsidiaries of Rockefeller Capital Management L.P. (individually and collectively, “Rockefeller”) is an equal opportunity employer and does not discriminate on the basis of race, religion, sex, gender, sexual orientation, gender identity or expression, national origin, citizenship, age, military or veteran status, marital or partnership status, caregiver status, legally recognized disability, or any other basis protected by applicable federal, state or local law (“protected characteristics”).
Rockefeller Capital Management participates in the E-Verify program in certain locations, as required by law.