In line with our operational risk framework, we have established protocols for analyzing, reporting, escalating and mitigating operational risks. We work with business unit management and support functions to help them manage their operational risk exposures.
The Technology Risk Management (TRM) department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for:
- Maintaining DTCC corporate security policies and control standards.
- Acting as a second line of defense via a robust collection of risk and control assessments.
- Reporting to Executive Management and the Board on the status of the IT Risk and Information Security Programs.
- Acting as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm and responding to potential incidents.
- Serving as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security.