Director, Technology Risk

FactSet creates flexible, open data and software solutions for over 200,000 investment professionals worldwide, providing instant access to financial data and analytics that investors use to make crucial decisions. At FactSet, our values are the foundation of everything we do. They express how we act and operate, serve as a compass in our decision-making, and play a big role in how we treat each other, our clients, and our communities. We believe that the best ideas can come from anyone, anywhere, at any time, and that curiosity is the key to anticipating our clients’ needs and exceeding their expectations.

The Senior Director of Technology Risk will establish and lead FactSet’s enterprise technology risk function. This foundational leadership role is responsible for building frameworks, methodologies, governance structures, and the team required to identify, assess, prioritize, and manage technology risks across the enterprise. As the function does not exist in its intended form today, the successful candidate will build it end‑to‑end, and define its scope, credibility, and enterprise impact. A core mandate of the role is to enable risk‑informed technology investment decisions. Technology spending, modernization efforts, and operational improvements will be evaluated based on both the severity of technology risk and the strategic importance of the affected products, platforms, and services. The leader of the function will operationalize this approach through a consistent, credible, and actionable decision framework that directly influences capital allocation and engineering priorities.

This role partners closely with the Chief Technology Officer, enterprise risk, engineering and platform leaders, product management, and finance to embed risk‑based thinking into technology planning and portfolio management. Success requires technical depth, business acumen, and the ability to translate complex technology risk concepts into clear investment narratives that inform executive and Board‑level decisions.

Key Responsibilities

• Establish and lead FactSet's technology risk function, including frameworks, methodologies, tools, governance, and team structure to identify, assess, prioritize, and manage risks across the technology portfolio.
• Define a technology risk taxonomy and scoring model that incorporates risk severity, business criticality, revenue contribution, customer dependency, and strategic alignment to enable consistent, defensible investment prioritization.
• Produce clear, quantified risk profiles that connect technology risks to business outcomes, informing remediation, modernization, and operational spend decisions.
• Partner with engineering, platform, and product leaders to conduct regular risk assessments across infrastructure resilience, application health, third‑party dependencies, data risk, and technology change risk.
• Build and maintain a centralized technology risk register tracking identified risks, ownership, ratings, remediation plans, and residual risk levels — serving as the single source of truth for FactSet's risk posture.
• Establish governance forums and reporting cadences that deliver timely, actionable risk insights to the CTO, executive leadership, and the Board.
• Define, track, and report on KRIs and KPIs to enable proactive monitoring and early detection of emerging risks.
• Embed technology risk considerations into architecture decisions, roadmaps, modernization initiatives, and major change programs in partnership with the CISO and engineering leadership.
• Lead risk assessments for significant investments, platform adoptions, vendor selections, and major change programs to support go/no‑go and prioritization decisions.
• Collaborate with Legal, Compliance, Finance, and Internal Audit to align the technology risk function with regulatory requirements and the broader Enterprise Risk Management (ERM) framework.
• Build and develop a high‑performing technology risk team grounded in analytical rigor, intellectual honesty, and strong business partnership.
• Design and deliver technology risk literacy programs that empower engineers and business leaders to engage with risk as a strategic management tool — not solely a compliance exercise.

Required Skills

• 15+ years of technology experience, including 7+ years in technology risk or IT risk management within a global Fintech, Financial Services, or enterprise technology organization.
• Proven track record building or significantly maturing a technology risk practice, including frameworks, taxonomies, assessment methodologies, governance structures, and risk registers.
• Strong command of risk quantification methods, including qualitative scoring models and quantitative approaches such as FAIR, with the ability to translate risk data into clear investment cases and prioritization decisions.
• Deep expertise across infrastructure resilience, application and platform health, third‑party and vendor risk, data risk, operational risk, and technology change risk.
• Demonstrated success embedding risk‑based thinking into technology portfolio management and investment decision‑making in partnership with Finance, Product, and Engineering leadership.
• Familiarity with enterprise risk frameworks such as COSO, ISO 31000, or COBIT, and the ability to integrate technology risk into broader organizational governance.
• Strong understanding of technology portfolio concepts including business criticality, technical debt, service dependencies, application lifecycle, and platform health.
• Executive‑level communication skills, with experience presenting risk posture, investment priorities, and remediation progress to Audit Committees and Boards.
• Experience with GRC platforms and risk management tooling, including defining requirements and driving adoption across large technology organizations.
• Relevant certifications such as CRISC or CGEIT preferred.