Technology Risk Senior Manager

About the team + role

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

The Enterprise Risk team plays a crucial role in ensuring that Robinhood’s engineering and cybersecurity practices remain resilient, forward-looking, and compliant. Our mission is to proactively identify, assess, and mitigate technology and cybersecurity risks that could impact Robinhood’s systems, customers, or regulatory standing!

This role is based in our Menlo Park, CA or New York, NY offices, with in-person attendance expected at least 3 days per week.

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What you’ll do

• Conduct and lead detailed technical risk assessments with application developers, platform engineers, and security teams to uncover insecure coding practices, architectural vulnerabilities, or third-party technology risks
• Assess risks at the network, infrastructure, and application levels—including traffic flows, API misuse, misconfigured cloud resources, or exposed endpoints
• Design and maintain frameworks that translate engineering-level risks (e.g., data leakage from flawed encryption, weak access control patterns) into business-impacting scenarios and measurable risk statements
• Serve as a trusted advisor on secure engineering principles, threat modeling, and secure software development lifecycle (SSDLC) governance
• Collaborate with leadership across engineering, security, and product to ensure risk mitigation strategies are practical, adopted, and embedded into daily decision-making

What you bring

• 10+ years of experience in technology or cybersecurity risk management, ideally in regulated financial services (banks, fintechs, or broker-dealers)
• Demonstrated technical depth in application development, secure coding principles, and software architecture risk identification
• Strong working knowledge of networking fundamentals (e.g., DNS, firewalls, TLS, routing protocols), network segmentation, and cloud-native environments (e.g., AWS, Kubernetes)
• Prior experience influencing engineering and infrastructure teams through clear articulation of technical risks and control requirements
• Familiarity with NIST CSF, ISO 27001, OWASP, and secure code analysis tools (e.g., SAST, DAST, or SCA)
• Strong communication, storytelling, and stakeholder engagement skills—especially when simplifying complex risk topics for executive audiences
• Bonus Points: CISSP, CISM, CRISC, CISA or related security certifications, PMP or Agile-related certification, Series 7, 24, or 4 licensing

What we offer

• Challenging, high-impact work to grow your career
• Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
• Best in class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents
• Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
• Employer-paid life & disability insurance, fertility benefits, and mental health benefits
• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
• Exceptional office experience with catered meals, events, and comfortable workspaces