Senior Specialist - Technology Risk Management

About the role

Nasdaq is looking for a motivated and detail-oriented Senior Specialist - Technology Risk Management to join the Group Risk Management (GRM) team. This role will support the execution of technology risk management activities across Nasdaq's global businesses, including regulated market infrastructure and technology solutions. This position focuses on delivering practical risk oversight and assessment capabilities across a rapidly evolving technology landscape, including cloud modernization, artificial intelligence, operational resilience, and digital assets / blockchain initiatives. The Snr. Specialist will work closely with technology, business, and risk stakeholders to identify, assess, and monitor risks aligned with Nasdaq's risk appetite and regulatory expectations. This is an individual contributor role, offering the opportunity to build deep expertise in technology risk while contributing to high-impact initiatives across Nasdaq Support the execution of technology risk assessments, including System Risk Assessments, Risk and Control Self-Assessments, and project / new initiative assessments Supply to risk oversight of cloud modernization initiatives, including migration to AWS, cloud-native architectures, and associated risks (e.g., resilience, configuration, security) Support risk activities related to AI governance and AI-enabled solutions, including consistency to policy requirements, use case approval processes, model and data risk considerations, and monitoring of AI-related risks Assist in the identification and assessment of risks associated with blockchain technologies, including tokenization models, integration with traditional financial systems, and evolving market structure considerations Support risk coverage of initiatives involving digital asset infrastructure and workflows, including areas such as collateral management, liquidity movement, and interaction between on-chain and traditional systems Chip in to the development and maintenance of technology risk metrics, Key Risk Indicators (KRIs), and risk dashboards, enabling more effective monitoring and reporting Support the delivery of risk reporting and insights to governance forums, including contributions to risk assessment results and risk profile updates Partner with product engineering, infrastructure, and product teams to provide actionable risk mentorship and effective challenge on control develop and implementation Support incident and issue management activities, including analysis of technology incidents (e.g., outages, security events) and identification of thematic risks and control gaps Assist in embedding technology risk considerations into the product development lifecycle (PDLC), organisational change, and operational processes, including emerging areas such as automated/AI-assisted development Give to initiatives to improve Nasdaq's technology risk frameworks, methodologies, and tooling, including integration of risk processes with modern engineering and cloud environments Collaborate with multi-functional risk and assurance teams (Information Security, Internal Audit, Compliance, Legal, Global Tech) to support a coordinated approach to risk management. Technical and Risk Expertise Solid understanding of key technology risk domains, including: Cloud computing (AWS preferred), including shared responsibility model, cloud architecture patterns, and risks related to resilience, availability, and vendor dependency Cyber security fundamentals, including identity and access management, data protection, and secure configuration practices Software development lifecycle (SDLC / PDLC), including CI/CD, infrastructure-as-code, and organisational change processes Operational resilience, including system availability, recovery (RTO/RPO), incident response, and service continuity Familiarity with emerging technology risks, including: Artificial Intelligence / Machine Learning, including governance frameworks, model risk considerations, data quality, bias, explain-ability, and monitoring Agentic / automated AI systems and their implications for control develop, audit-ability, and human oversight Digital assets and blockchain, including tokenization of financial assets and associated control considerations Understanding of risk management concepts and frameworks, such as: Risk identification, assessment, control evaluation, and issue remediation Alignment to industry standards and regulatory expectations (e.g., NIST, ISO, DORA, or similar) Awareness of evolving regulatory and supervisory expectations related to new technologies. Experience supporting risk reporting, data analysis, or visualization is a plus. Education Required: MSc, BSc or related discipline, or equivalent work experience 8-10 years of experience in technology risk, IT risk, cyber risk, operational risk, audit, or engineering / infrastructure roles within a technology-driven environment Foundational understanding of modern technology environments, including cloud p