Director - IT Risk Management

About The Position

Requirements

• Bachelor’s degree in information technology, cybersecurity, risk management, computer science, or related area
• 10+ years of experience in IT risk management, cybersecurity, or related fields, including at least 5 years in a people management role with direct supervisory responsibilities
• Hands on experience implementing IT risk management frameworks such as NIST CSF or COBIT) in the insurance or financial services industry
• Strong ability to evaluate complex IT environments and effectively communicate risk in clear business-related terms
• Knowledge of: Property/casualty insurance industry operations and relevant regulatory requirements (e.g. NAIC Model Law, PCI-DSS)
• Internal controls and core IT technologies and processes (e.g. network systems, operating systems, databases, change control tools and processes, computer systems operations, application and system development, help desk and incident monitoring, information security, data backup, retention and recovery, IT vendor management, asset management, disaster recovery
• Strong written and verbal communication skills
• Strategic thinking and business acumen
• Sound judgement and decision-making in uncertain or evolving conditions
• Experience leading and developing teams
• Clearly present complex issues, especially when translating between third line or external audit/assurance teams and first line risk and controls owners
• Influence and collaborate with stakeholders across various levels of management
• Identify, assess, and prioritize IT risks effectively
• Manage multiple tasks and work collaboratively across teams
• Communicate risk insights and updates to business and IT leadership, boards, committees, and other key stakeholders

Nice To Haves

• Master’s degree in Information Technology, Cybersecurity, Risk Management, Computer Science, or related area; MBA also considered
• One or more of the following professional certifications such as CISA, CISM, CRISC, or CISSP are strongly preferred
• 8+ years of experience leading a team of IT professionals
• 8+ years in planning, designing, and implementing IT systems
• Practical Experience with:
• IT risk frameworks (e.g. NIST CSF, COBIT) in the insurance or financial services industry
• IT systems and technologies including ServiceNow, Saviynt, Workday, SAP, Salesforce, Guidewire
• IT risk management for emerging technologies such as AI, machine learning, cloud computing, process automation, data analytics, etc.

Responsibilities

• Develop and implement risk management policies, standards, and processes
• Ensure alignment with company objectives and regulatory requirements
• Testing and monitoring of 1st line access reviews for general users, privileged users, and passwords
• Manage internal and external IT risk assessments
• Manage a team of risk professionals, ensuring continuous training and development
• Report key performance/risk indicators to senior leadership
• Quantify risk appetite and mitigation plans related to IT systems
• Collaborate with IT to maintain an IT risk register and identify risk ownership
• Assemble stress scenarios related to IT risks
• Identify emerging threats, technologies, and regulations
• Conduct training to company stakeholders on IT risk
• Contribute to Enterprise Risk Management team’s reporting and processes (e.g. key risks, watch list risks, AI Systems Program)
• Manage a team of professionals dedicated to assessing, monitoring and reporting on IT risk across the organization.

Benefits

• 401k Match
• Medical
• Dental
• Vision
• PTO
• Paid Holidays
• Tuition Reimbursement