Director, Governance & Controls – Information Technology & Information Security

CIBC
Washington, DC
$165,000 - $200,000
Remote

About The Position

The US Chief Administration Office and Technology, Data, and AI (US CAO + TDAI) business is at the forefront of innovation and operational excellence, encompassing Technology, Information Security, Deposit Operations, Loan Operations, Payment Operations, Data Management Office, Corporate Real Estate, Corporate Security, Procurement, Operational Resilience, and Governance & Oversight. Our mission is to drive transformation and enable growth by delivering world-class technology and operational solutions that support the bank’s strategic objectives. The Governance and Oversight (G&O) team within CAO + TDAI operates as a First Line team in the Three Lines of Defense model, enabling risk discipline, business resiliency, and value creation while strengthening the CIBC Risk Management Framework.

Requirements

  • Minimum of 12 years of progressive experience in technology, cybersecurity, risk management or controls implementation within a large, complex financial institution (GSIB experience preferred).
  • Proven track record of developing, leading, and executing GRC strategies in a technology-driven environment.
  • Regulatory and industry expert with deep knowledge of US and global regulatory requirements and industry standards (FFIEC, GLBA, NYDFS, NIST, COBIT, ISO).
  • Experience managing regulatory exams, audits, and industry assessments.
  • Relevant certifications such as CISA, CRISC, CISSP, or CISM.
  • Demonstrated experience leading diverse, high-performing teams and driving collective success through collaboration and inclusion.
  • Strategic and analytical thinker who sees the big picture, anticipates future trends, and develops long-term plans that align with organizational goals.
  • Ability to analyze complex situations, identify opportunities and risks, and make informed decisions that drive sustainable success.
  • Data-driven and strong communicator who interprets and analyzes complex data, communicating detailed information in a meaningful way.
  • Leverages data analysis and visualization to provide insights and recommendations to diverse audiences.
  • Champion of change who continuously evolves thinking and working methods to deliver optimal results.
  • Flexible and able to pivot easily in response to shifting priorities.
  • Collaborative relationship builder who thrives in a team environment, leveraging the power of collaboration to achieve shared goals.
  • Excels at building constructive and collaborative relationships, inspiring outcomes, and fostering trust through respect and authenticity.
  • Detail-oriented and notices things that others don't, using critical thinking skills to inform decision-making and ensure the integrity of risk and control processes.
  • Values matter to you. You bring your real self to work, and you live our values - trust, teamwork, and accountability.

Nice To Haves

  • GSIB experience preferred.

Responsibilities

  • Lead the development, implementation, and continuous improvement of technology and cybersecurity governance, risk, and control frameworks.
  • Leverage deep technical expertise to identify, assess, and mitigate emerging technology and cyber risks, ensuring robust operational resilience and regulatory compliance.
  • Demonstrate a strong understanding of control frameworks, regulations, management control environments, audit, corporate policies and standards, business processes, and new industry-level guidance.
  • Translate risk program requirements into process, risk, cause and control.
  • Act as the risk and controls Subject Matter Expert (SME), providing expert advice to business partners, while identifying efficiency opportunities within existing processes.
  • Maintain a forward-looking view of the control environment, staying informed on regulatory changes, emerging risks, and industry best practices.
  • Inspire, lead, and develop a high-performing, diverse team of risk and technology professionals.
  • Foster an inclusive culture of innovation, accountability, and continuous improvement, empowering team members to excel and drive collective success.
  • Serve as a trusted advisor to provide expert guidance on risk management, control design, and compliance, with a focus on technology, data and cybersecurity domains.
  • Advance organizational risk maturity through innovative solutions, automation, and AI-driven enhancements.
  • Partner with business and technology leaders to conduct comprehensive risk assessments, identify control gaps, and develop actionable mitigation strategies.
  • Oversee incident response, root cause analysis, and sustainability testing.
  • Lead the preparation for and management of regulatory exams, internal audits, and industry assessments.
  • Ensure timely resolution of findings and implementation of corrective actions, drawing on deep knowledge of US and global regulatory requirements.
  • Champion continuous improvement initiatives, leveraging emerging technologies and industry best practices to enhance the efficiency, effectiveness, and sustainability of the control environment.
  • Establish and maintain a strong operating/engagement model across all three lines of defense.
  • Collaborate to maintain a robust control framework and foster a culture of sustainable continuous improvement and innovation.
  • Build trust and credibility with stakeholders by demonstrating expertise, authenticity, and a collaborative approach.
  • Build and maintain strong executive relationships, including direct exposure to senior leaders.
  • Deliver insights and recommendations tailored to diverse audiences, including senior leadership, regulators, and external stakeholders.
  • Translate complex data and findings into clear, actionable insights.
  • Participate in and lead special projects that advance the broader CAO + TDAI risk and control agenda.

Benefits

  • Medical
  • Dental
  • Vision
  • Health Savings Account
  • Life Insurance
  • Disability
  • Other Insurance Plans
  • Paid Time Off (including Sick Leave, Parental Leave and Vacation)
  • Holidays
  • 401(k)
  • Incentive compensation plan
  • Discretionary bonus component
  • Banking benefits
  • Benefits program
  • Vacation offering
  • Wellbeing support
  • MomentMakers, our social, points-based recognition program
  • Purpose Day: a paid day off dedicated for you to invest in your growth and development