COO Technology Risk Governance Lead

About The Position

Requirements

• 7+ years of Business Systems Data and Business Systems Designing experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 5+ years of experience governing enterprise-scale technology initiatives with multiple stakeholders and execution teams
• 5+ years of working knowledge in technology risk domains, including IAM, vulnerability management, SDLC, infrastructure lifecycle, and regulatory compliance
• 5+ years of experience supporting, executing, and evidencing controls, certifications, audits, or regulatory deliverables
• 5+ years of proven experience leading or coordinating responses to complex, high ‑ impact incidents in a large, matrixed organization

Nice To Haves

• Strong executive presence with the ability to communicate clearly, influence senior leaders, and drive outcomes through deliberate and effective engagement.
• Proven experience leading large-scale, enterprise technology initiatives, managing complex, multi-stakeholder environments and matrixed platform and application teams.
• Highly independent and decisive professional, demonstrating sound judgment, composure, and accountability in high-pressure, time ‑ critical situations.
• Exceptional communication, facilitation, and presentation skills, adept at tailoring messaging to technical and non-technical audiences to achieve objectives.
• Ability to influence without authority, motivating cross-functional teams, fostering trust, and driving collaboration and results.
• Deep expertise in technology risk and governance, including IAM, vulnerability management, SDLC, infrastructure lifecycle, regulatory compliance, control frameworks, audits, and policy exception processes.

Responsibilities

• Provide governance and accountability oversight for a portfolio of technology risk initiatives spanning: Identity & Access Management Data Loss Prevention and Information Protection Risk Management of Aged Vulnerabilities Oversight of Non-Current Technology Shadow IT and policy exception lifecycle management
• Act as a single point of accountability for assigned initiatives, ensuring ownership, milestones, dependencies, and remediation paths are clearly defined and tracked.
• Establish and maintain governance routines (intake, prioritization, cadence, escalation, closure) for technology risk workstreams.
• Partner with platform leaders, application managers, BCMs, BISOs, Cybersecurity, and second line risk teams to drive execution and resolve gaps.
• Govern certifications, attestations, and control execution activities, ensuring evidence completeness, audit readiness, and adherence to required cadence.
• Support regulatory, audit, and independent testing activities, including issue tracking, response coordination, and status reporting.
• Develop and deliver executive ready risk reporting using enterprise tools (e.g., ServiceNow, Power BI, Excel).
• Translate complex technical risk data into clear, concise risk narratives for leadership forums and governance reviews.
• Identify emerging risks, systemic issues, and process breakdowns; recommend improvements to strengthen governance and execution discipline.
• Lead and facilitate working sessions, office hours, and targeted engagements to improve understanding and compliance with technology risk requirements.
• Influence across teams without direct authority, escalating when necessary to ensure timely outcomes.