IT Risk Management, Tech & Ops, Associate

About this role

About the Role

Join BlackRock’s Cyber Diligence team as an Associate, IT Risk Management, where you’ll serve as a trusted advisor and technical risk evaluator for the organization. In this role, you’ll partner with stakeholders across business and technology to assess information security risks, guide decision-making, and recommend effective mitigation strategies. You’ll combine technical acumen with consultative skills to help shape the organization’s risk posture.

Key Responsibilities

• Lead the evaluation of information security risks for new technology initiatives, changes, and high-risk requests, acting as the central point of coordination for risk analysis and mitigation.

• Provide consultative advice to business and technology teams, enabling informed risk management decisions and supporting risk acceptance or denial recommendations.

• Conduct technical risk assessments and hands-on security reviews of applications, infrastructure, and cloud environments, leveraging industry-standard tools and frameworks.

• Conduct vulnerability scanning, threat modeling, and security architecture reviews using industry-standard tools.

• Analyze and interpret vulnerability scan results, penetration test findings, and security logs; provide actionable recommendations for remediation.

• Collaborate with engineering, operations, and business teams to identify, assess, and remediate security risks, ensuring solutions are practical and aligned with business needs.

• Develop and recommend actionable mitigation strategies for identified risks, balancing technical requirements with business objectives.

• Communicate complex technical and risk issues to diverse audiences in a clear, authoritative, and actionable manner.

• Support the documentation and continuous improvement of information security policies, standards, and processes.

• Assist with pre-M&A information security reviews and due diligence.

• Maintain strong working relationships with stakeholders across the organization, fostering a culture of risk awareness and proactive security.

• Participate in the governance and recertification of high-risk security requests, ensuring compliance with audit requirements.

Required Qualifications

• 4+ years of experience in information security, with at least 2 years in a risk advisory or technical risk analysis role.

• Demonstrated ability to lead and coordinate complex risk evaluations, including risk acceptance and mitigation planning.

• Experience with technical risk assessment tools and methodologies (e.g., vulnerability scanning, threat modeling, security architecture review).

• Strong consultative and advisory skills, with the ability to influence and guide stakeholders toward effective risk management decisions.

• Excellent communication skills, with the ability to translate technical findings into business-relevant recommendations.

• Familiarity with information security management frameworks (e.g., NIST 800-53, ISO 27001, CIS Controls).

• Bachelor’s degree in Computer Science, Information Security, or a related field.

• Relevant certifications (CISSP, CISM, CISA, or similar) are preferred.

Preferred Skills

• Experience with cloud platforms (AWS, Azure, GCP) and cloud security controls.

• Knowledge of secure software development practices and DevSecOps principles.

• Ability to perform technical deep-dives and root cause analysis of security issues.

• Strong prioritization and project management skills.

• Ability to work effectively in a global, distributed team environment.

Who You Are

You are a strategic thinker with a strong technical foundation, able to translate complex security risks into actionable business decisions. You thrive in collaborative environments and enjoy serving as a trusted advisor to both technical and non-technical stakeholders.

Our benefits
To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

Our hybrid work model

BlackRock’s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.

About BlackRock

At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being.  Our clients, and the people they serve, are saving for retirement, paying for their children’s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.

This mission would not be possible without our smartest investment – the one we make in our employees. It’s why we’re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.

For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www.linkedin.com/company/blackrock

BlackRock is proud to be an Equal Opportunity Employer.  We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.