AVP IT Risk Management

CardWorks, Woodbury, NJ

About The Position

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.

CardWorks Servicing, LLC provides end-to-end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offer backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Job Summary

The AVP, IT Risk owns the oversight and governance of the Technology Risk Management Framework, ensuring effective identification, assessment, monitoring, and mitigation of technology risks across the organization. This role is responsible for independent challenge, control assurance, and risk transparency, and drives the execution of core technology risk programs, including control testing, issue management, audit coordination, and reporting. The AVP provides credible challenge to Technology and business stakeholders, enforces adherence to risk standards, and delivers actionable risk insights to senior leadership.

Requirements

  • Bachelor’s degree required; advanced degree or certifications (CISA, CISSP, CRISC, etc.) preferred
  • Demonstrates ownership and accountability for risk oversight and outcomes
  • Applies independent judgment and effective challenge
  • Effective collaboration and communication with cross-functional teams
  • Confident communicator with senior stakeholders
  • Proactive risk identification and escalation mindset
  • 8–12+ years of experience in IT Risk, Technology Risk, Audit, Information Security, or related functions
  • Knowledge of IT control frameworks (SOX, SOC, NIST, etc.) and regulatory requirements
  • Experience supporting audits, control testing, and remediation tracking
  • Strong analytical, problem-solving, and communication skills

Nice To Haves

  • Experience in regulated industries
  • Relevant certifications such as CISA, CRISC, or CISSP
  • Experience with dashboards, KRIs, or reporting
  • Hands-on technology delivery experience

Responsibilities

Technology Risk Oversight & Control Assurance

  • Provide the independent oversight and ongoing evaluation of technology controls (ITGCs, security controls, system controls)
  • Lead and execute control testing strategy, including scoping, testing, and documentation of results
  • Identify control gaps, deficiencies, and non-compliance, and require clear remediation actions and timelines
  • Provide effective challenge to Technology on control design and remediation adequacy
  • Oversee and track remediation efforts, holding stakeholders accountable for timely closure
  • Develop and own monitoring and reporting over assigned areas (examples include: technology issues, incidents, and overdue risk items)

Audit & Regulatory Coordination

  • Own coordination and oversight of internal audits and regulatory exams (FDIC, SOX, SOC, etc.)
  • Ensure completeness, accuracy, and quality of materials provided for audits and exams
  • Govern the lifecycle of audit findings, including validation of remediation and closure
  • Act as a primary liaison between Risk, Audit, Technology, and Compliance
  • Drive audit readiness and continuous improvement of the control environment

Business Continuity & Resilience

  • Review and provide independent challenge to DR testing plans, execution, and results
  • Evaluate technology resilience risks, including BIA alignment, system criticality, and recovery capabilities
  • Ensure risks are appropriately identified, escalated, and remediated

Third-Party & Vendor Risk

  • Review and challenge vendor risk assessments and control exceptions
  • Provide risk recommendations or escalation on vendor-related control gaps and exceptions
  • Collaborate with TPRM, Security, and Legal teams on vendor risk matters

Risk Metrics & Reporting

  • Deliver clear, concise, and decision-useful risk reporting to senior management
  • Contribute to KRIs, dashboards, and risk reporting to improve transparency and decision-making
  • Support preparation of risk reports for senior management and Board committees
  • Translate technical risk findings into business-relevant insights
  • Escalate material risks and emerging themes proactively

Benefits

  • Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
  • Benefits Package: Medical, Dental, and Vision (plus much more)
  • 401(k) Plan with Company Match
  • Short- & Long-Term Disability
  • Wellness Programs
  • Group Life and AD&D Insurance
  • Paid Vacation, Sick Days and Bank Holidays
  • Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition