Location(s): 100% Remote or Los Angeles, CA (candidate choice)
Job Description & Synthesis
This role is responsible for the development and maturing of the 2nd line of defense (2LOD) Cyber and Technology Risk team.
This leader is the owner of all Cyber and Technology policies and standards across the bank and is responsible for providing independent oversight and challenge of all risk management activities in these domains ensuring that risks are sufficiently mitigated.
The leader will continue to mature the bank’s 2nd line IT risk management program in line with industry best practices, regulatory requirements, and other entities in the US.
Manages a team of professionals who oversee all aspects of IT Risk.
Risk management emphasis includes IT governance and strategy, IT operations, information security, change and configuration management, overall enterprise governance, risk and compliance (GRC) management, and regular reporting to the bank’s governance committees.
Participates in the planning and implementation of information technology controls for all material IT Projects.
Provides oversight of the evaluation and selection of applications and systems.
Makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective, or strengthen controls, or reduce risk.
Provides executive management, the Board with the enterprise risk profile of the bank for aggregate cyber and technology risk.
Specific Responsibilities
Oversee IT risk management practices covering all facets of the IT Risk Framework (including Information Security), provide interpretation and counsel on policies.
Responsible for leading the technology risk management program.
Provides technical and best practice guidance on Information Technology Risk and Information Technology taking into account specific business platform complexities, and issues.
Manage the functions and team of professionals who oversee all aspects of IT Risk.
Provides input into the setting of risk appetite based on platform-specific differences and specific business considerations.
Develops and reports the quarterly enterprise cyber and technology risk profile.
Reviews security and control processes along with associated documentation, and reporting.
Reviews key audit, regulatory, and client due diligence to develop and communicate risk themes, and solutions to the business.
Establish effective monitoring practices to ensure adherence to the IT risk management framework and policy, and assist businesses in the identification of issues.
Advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas.
Advise and assist first line of defense in IT Risk mitigation planning activities.
Provide ongoing IT Risk Management governance and direction for the technology production environment.
Manage, develop, and play a leadership role for the staff.
Develop a high-performing team.
Manage the personnel processes for employees, including selection, training, performance management, development, and retention.
Fosters an environment where colleagues are empowered and have the opportunity to develop and grow.
Engage with domain leads for Information Technology, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Quality, Performance & Scalability, and Change Management & Development Practices to obtain technical domain advice as appropriate.
Work effectively with the bank’s senior executives.
Develop and maintain key business relationships in order to provide advice and oversight on new initiatives.
Provides regular reporting of Information Technology risk as required by bank governance committees.
Key Requirements
Bachelor’s Degree in computer science, risk management, or IT required.
Minimum 10 years in Technology Risk roles in Banking or Financial Services.
Minimum 7 years in a Managerial/Supervisory role.
Graduate degree in business or related discipline and / or MBA, CIA, or other professional-related qualification.
Extensive knowledge of and experience in Information Technology Governance, Risk, and Compliance.
Solid understanding of USA region, including a breadth of business content experience across the platform and region.
Strong leadership skills.
Strategic mindset, with excellent knowledge and understanding of the financial industry.
Highly developed ability for conceptual thinking.
Excellent communication and presentation skills.
Well-developed impact and influence skills.
Proven track record of building strong relationships across business functions.
Extensive knowledge and experience in regulatory guidance, most importantly for the OCC and FFIEC guidelines.
Strong presentation skills involving large and of varying IT background audiences; ability to adjust message and filter details based on audience.
Demonstrated ability to interact effectively, internally and externally, with the most senior representatives of organizations, regulators and vendors.
Strong Microsoft Excel, PowerPoint, and report writing skills, including the ability to evaluate the usefulness of data and use it in meaningful communication.