Director IT Embedded Risk

About The Position

Requirements

• Minimum of 10 years of related experience
• Bachelor's degree preferred and/or equivalent experience
• 10+ years of experience in infrastructure risk, infrastructure engineering, cybersecurity, or a related discipline.
• Strong understanding of enterprise infrastructure domains, including networks, servers, storage, endpoints, data centers, and hybrid cloud environments.
• Experience designing, assessing, or overseeing infrastructure controls and driving remediation in audit or regulatory-driven environments.
• Knowledge of core cybersecurity practices, including vulnerability management, incident response, access management, and data protection.
• Ability to define, interpret, and communicate KPIs, KRIs, and KCIs to technical, business, and governance stakeholders.

Nice To Haves

• Experience in financial services and familiarity with FFIEC and other relevant U.S. regulatory standards.

Responsibilities

• Support the ongoing enhancement of the infrastructure risk and control environment by helping identify emerging risks, monitor changes in exposure, and elevate significant control concerns.
• Provide advisory support and effective challenge to infrastructure leadership and teams on control design, control effectiveness, and risk mitigation approaches.
• Collaborate with Information Security and other partners to ensure infrastructure risks, control priorities, and remediation activities are assessed, communicated, and governed effectively.
• Serve as the embedded risk advisor to IT Infrastructure leadership, providing credible challenge and practical guidance on strategic priorities, control decisions, and risk acceptance.
• Oversee risk and control activities across enterprise infrastructure domains, including networks, servers, storage, endpoints, data centers, and hybrid cloud platforms.
• Influence and strengthen infrastructure risk practices related to vulnerability management, incident response, access controls, data protection, and operational resilience.
• Partner across engineering, security, operations, and business teams to support the secure, stable, and high-performing delivery of critical technology services.
• Lead the development, enhancement, and monitoring of infrastructure controls, standards, procedures, and remediation plans in support of regulatory, audit, and policy requirements.
• Partner with Capability Owners to complete RCSA activities for IT Infrastructure, ensuring risks, controls, and remediation priorities are appropriately identified, assessed, documented, and escalated.
• Own and report key risk and control metrics, including KRIs and KCIs, to support transparency, decision-making, and accountability.
• Represent IT Infrastructure in governance forums, management committees, audits, and regulatory interactions as a senior point of contact for embedded risk matters.
• Provide strategic people leadership by setting direction for the team, building organizational capability, developing talent, and driving a culture of accountability, collaboration, and high performance.
• Support modernization, automation, and continuous improvement initiatives while helping ensure service quality and operational efficiency.

Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.