AVP/VP, IT/IS Risk Management

About The Position

Requirements

• Minimum 5 years' experience in Information Security Risk and/or Audit within the financial services industry.
• Minimum 3 years' experience in IT Audit or controls testing.
• In depth knowledge and experience in Information Technology Governance, Risk, and Compliance.
• Extensive knowledge and experience in regulatory guidance, most importantly for the FDIC, CFPB, and FFIEC requirements and supporting guidelines.
• Strategic mindset, with excellent knowledge and understanding of the financial industry. Highly developed ability for conceptual thinking.
• Excellent communication and presentation skills.
• Proven track record of building strong relationships across business functions.
• Strong presentation skills, in anticipation of audiences with varying IT knowledge; ability to adjust presentation details based on audience.
• Demonstrated ability to interact effectively, internally, and externally, with the most senior representatives of the Bank, other organizations, regulators, and vendors.
• Strong Microsoft Excel, PowerPoint, and report writing skills, including the ability to evaluate the usefulness of data and use it in meaningful communication.
• Proven ability to initiate and manage projects.

Nice To Haves

• College degree in Computer Science, Information Technology, or Information Security or equivalent preferred.
• CISA or similar audit certifications.
• Industry recognized certifications such as CISA, CRISC, or similar risk certifications preferred.

Responsibilities

• As the Second Line of Defense (2LOD), provide thought leadership and constructive challenge to the First Line of Defense (1LOD) for control and risk-related matters.
• Oversee IT risk management practices covering all facets of the IT Risk Management Framework (including Operations, Change Management, and Information Security), provide interpretation and counsel on policies and Standards.
• Responsible for supporting the Information Technology Risk Management program.
• Support the adoption of the Bank's eGRC platform throughout the enterprise and promote its use among the stakeholders of the Information Technology Risk Management program.
• Provide technical and best practice guidance on Information Technology Risk Management and Information Technology, accounting for specific business platform complexities and issues.
• Provide input into the setting of enterprise IT risk appetite based on platform specific differences and specific business considerations.
• Develop periodic reports of Information Technology Risks and control effectiveness as required.
• Review Information Security, Information Technology, and cybersecurity control processes along with associated documentation, and reporting.
• Review key audit, regulatory and client due diligence to develop and communicate risk themes and solutions to the business.
• Establish effective monitoring practices to ensure adherence to the IT Risk Management framework, supporting policies and standards, and assist the business in the identification of issues.
• Perform 2LOD control testing, as required, to assess the design and operating effectiveness of 1LOD IT general controls and application controls.
• Advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas.
• Advise and provide credible challenge on the mitigation of IT Risk Management issues.
• Assist in providing ongoing IT Risk Management governance and direction for the enterprise.
• Engage with the Bank's leads for Information Technology, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Governance, Vendor Management, Third-Party Risk Management, and Change Management Practices to obtain technical domain advice and advise on matters of risk.
• Develop and maintain key business relationships to provide advice and oversight on new initiatives, products, and projects.
• Perform annual review and on-going monitoring and development of 2LOD owned IT and IS policies and standards.