Director IT and Data Risk Management

About The Position

Requirements

• Bachelor’s degree in information technology, Risk Management, Data Analytics, or related field.
• 8+ years of experience in IT risk, data governance, or enterprise risk within a financial institution or regulated entity.
• 3+ years in a related leadership role, governance focus preferred
• Strong working knowledge of IT governance frameworks such as COBIT, NIST RMF, ITIL, and data governance best practices.
• Strong working knowledge of AI governance frameworks and regulations such as NIST AI Risk Management Framework, EU AI Act, US-state laws regulating AI systems, and ISO 42001.
• Experience with data governance tools or metadata platforms (e.g., Cyera, Collibra, Informatica).
• Familiarity with data privacy regulations and standards (e.g., GLBA, CCPA, ISO/IEC 38505).
• Certifications such as CISSP, CRISC, CISA, CDPSE, CGEIT, or equivalent.
• Prominent knowledge of theory and organizational experience through extensive exposure to complex practices across several different disciplines within IT governance and/or data governance.
• Technology Governance Acumen: Deep understanding of IT risk drivers, controls, and operating environments.
• Data & AI Governance Vision: Strong foundational understanding of how to stand up and mature data and AI governance capabilities.
• Strategic Execution: Skilled at translating risk vision into phased implementation plans and metrics.
• Credible Challenge: Ability to raise concerns, recommend alternative strategies, and influence decision-making across departments.
• Collaboration and Communication: Engages diverse stakeholders and communicates risk insights with clarity and confidence.
• Leverages knowledge of trends in profession and/or specialized areas to influence strategy
• Creates a sense of urgency and accountability in delivering objectives and a culture which fosters innovation and creativity
• Develops multifunctional leadership
• Coaches individuals to reach full potential, builds coaching capability in others
• Helps orchestrate talent development & movement across the business unit or function
• Leads Work effectively & regularly across functions
• Responsible for effectiveness of team(s) and performance results
• Responsible for a business process in a function of notable risk and complexity
• Directs multiple related teams or function with significant and critical organization-wide impact
• Operates with autonomy on operational matters, accountable to BU Leadership
• Limited to no revenue generation responsibilities
• Has budget responsibility
• Actively develops strategic plan for the function or business processes with VP
• Sets objectives for self and/or a team/project members
• Delivers the results that have a tangible impact for function or business process
• Adapts strategy to changing conditions
• Identifies external threats and opportunities and adapts strategy to changing conditions
• Strategic planning horizon generally 1 - 3 years
• Actively participates in building BU plan
• Applies company level financial and economic perspectives to decision making and problem solving
• Gathers and analyzes information at an expert level
• Manages the resolution of complex or unusual business problems
• Applies analytical thinking, problem identification and solving and decision making
• Implementation of solutions requires a medium-term view

Responsibilities

• IT Risk Governance Oversee the credit union’s second line IT Risk Management Framework, including risk assessments, issue oversight, control testing strategy, and governance documentation.
• Evaluate and provide challenge to first line practices related to system change management, software development, platform resilience, vendor platforms, and IT operations.
• Collaborate with IT and ERM to define key risk indicators (KRIs), support risk appetite alignment, and develop enterprise reporting for IT risk themes.
• Data Risk and Governance Development Lead the build-out of the second line enterprise Data Risk Governance Program, defining policies, roles, standards, and escalation protocols.
• Establish risk-based processes for data classification, quality, lineage, privacy, lifecycle management, and metadata governance.
• Partner with data owners, stewards, and business units to integrate risk controls into data handling and analytics processes.
• Collaborate with Legal, Privacy, and Compliance teams to support regulatory readiness for data usage, access, and storage requirements.
• AI Governance Lead the design and implementation of a comprehensive AI governance program that establishes policies, controls, and oversight mechanisms to ensure responsible development and deployment of AI across the organization.
• Coordinate cross‑functional stakeholders—including legal, compliance, data, security, and business leaders—to identify, assess, and mitigate AI‑related risks and ensure alignment with regulatory, ethical, and organizational standards
• GRC Integration and Risk Reporting Contribute to the development and automation of technology and data risk processes within the credit union’s GRC platform.
• Manage reporting routines, issue escalation protocols, and regulatory documentation for IT and data risk domains.
• Assist in the coordination of regulatory exams and internal audits related to IT governance, operational resilience, and data protection.
• Leadership and Strategic Collaboration Manage a team of risk analysts or program specialists in support of IT and data risk management objectives.
• Serve as a trusted advisor across business units and risk domains, building consensus and driving a proactive risk culture.
• Influence the design and adoption of sustainable governance practices for emerging technologies, including AI, cloud services, and automation.