
Technology Risk Senior Manager

Robinhood
Full-time
Hybrid
Worldwide

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Enterprise Risk team plays a crucial role in ensuring that Robinhood’s engineering and cybersecurity practices remain resilient, forward-looking, and compliant. Our mission is to proactively identify, assess, and mitigate technology and cybersecurity risks that could impact Robinhood’s systems, customers, or regulatory standing!

This role is based in our Menlo Park, CA or New York, NY offices, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

  1. Conduct and lead detailed technical risk assessments with application developers, platform engineers, and security teams to uncover insecure coding practices, architectural vulnerabilities, or third-party technology risks
  2. Assess risks at the network, infrastructure, and application levels—including traffic flows, API misuse, misconfigured cloud resources, or exposed endpoints
  3. Design and maintain frameworks that translate engineering-level risks (e.g., data leakage from flawed encryption, weak access control patterns) into business-impacting scenarios and measurable risk statements
  4. Serve as a trusted advisor on secure engineering principles, threat modeling, and secure software development lifecycle (SSDLC) governance
  5. Collaborate with leadership across engineering, security, and product to ensure risk mitigation strategies are practical, adopted, and embedded into daily decision-making

What you bring

  1. 10+ years of experience in technology or cybersecurity risk management, ideally in regulated financial services (banks, fintechs, or broker-dealers)
  2. Demonstrated technical depth in application development, secure coding principles, and software architecture risk identification
  3. Strong working knowledge of networking fundamentals (e.g., DNS, firewalls, TLS, routing protocols), network segmentation, and cloud-native environments (e.g., AWS, Kubernetes)
  4. Prior experience influencing engineering and infrastructure teams through clear articulation of technical risks and control requirements
  5. Familiarity with NIST CSF, ISO 27001, OWASP, and secure code analysis tools (e.g., SAST, DAST, or SCA)
  6. Strong communication, storytelling, and stakeholder engagement skills—especially when simplifying complex risk topics for executive audiences
  7. Bonus Points: CISSP, CISM, CRISC, CISA or related security certifications, PMP or Agile-related certification, Series 7, 24, or 4 licensing

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process.

Base Pay Range:

Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC)

$170,000 - $200,000 USD

Zone 2 (Denver, CO; Westlake, TX; Chicago, IL)

$150,000 - $176,000 USD

Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL)

$133,000 - $156,000 USD
