Director, Technology Risk and Business Continuity

United Nations Federal Credit UnionNew York, NY
$150,000 - $200,000Hybrid

About The Position

Oversee IT, Information Security, and Business Continuity/Disaster Recovery (BCP/DR) risks across the credit union. Partner with technology and business leaders within the three lines of defense framework to provide independent oversight and advisory support, ensuring technology risks are effectively managed and aligned with the organization's risk appetite, regulatory expectations, and strategic objectives. Serve as the primary liaison between Enterprise Risk Management and technology leadership to promote transparency, resilience, and informed risk-based decision-making.

Requirements

  • Bachelor's degree in Risk Management, Information Systems, or related field
  • 10+ years of experience in a financial services environment with exposure to regulated environments, including a minimum of 4 or more years in a second line or commensurate risk function
  • Experience in technology, cyber, and operational resilience risk management, including regulatory compliance, risk identification, monitoring, issue management, risk reporting, and cross-functional collaboration with business partners.
  • Demonstrated ability to provide independent challenge to senior stakeholders, translate technical risks into business and financial impacts
  • Strong knowledge of enterprise risk management, financial services regulations (e.g., NCUA, FFIEC, OCC), the three lines of defense model, and technology, cyber, and emerging AI risk frameworks (e.g., NIST, ISO, COBIT).
  • Proficient in Microsoft Office, particularly Excel, with sound risk judgment, analytical skills, and the ability to provide independent, objective oversight.
  • Strategic thinker with strong digital, cyber, and AI risk awareness, capable of balancing governance, partnership, and practical business solutions.
  • Exceptional executive communication and influencing skills, with the ability to build relationships and drive outcomes without direct authority, including presenting to senior leadership and the Board.

Nice To Haves

  • Technology Risk Management experience
  • Excellent communication skills

Responsibilities

  • Provide independent second-line oversight of Information Technology, Information Security/Cyber, AI, technology resilience, and infrastructure risks, ensuring effective governance across the organization.
  • Assess and challenge first-line risk assessments, control effectiveness, and mitigation strategies related to core systems, cloud adoption, data management, AI, automation, and third-party technology risks.
  • Provide independent oversight of AI governance, including AI use cases, model lifecycle controls, decision-support frameworks, and risks such as bias, explainability, data integrity, and misuse.
  • Partner with technology and business leaders to ensure AI initiatives align with regulatory requirements, governance standards, ethical principles, and effective management of financial, operational, and reputational risks.
  • Partner with Information Security leadership to provide independent oversight of cyber risk management, including security incidents, identity and access management, data protection, threat and vulnerability management, and alignment with regulatory and industry standards.
  • Provide independent oversight of the organization's Business Continuity and Disaster Recovery (BCP/DR) frameworks, including scenario design, testing effectiveness, recovery objectives (RTO/RPO), and operational resilience.
  • Partner with first-line technology leadership to review and challenge BCP/DR strategies, testing results, remediation efforts, and readiness for technology failures, third-party disruptions, and other resilience scenarios.
  • Develop and maintain the technology and operational resilience risk framework, including key risk indicators (KRIs), thresholds, and enterprise-wide risk integration.
  • Monitor and escalate material IT, cyber, and resilience risks to executive leadership and the Risk Management Committee through effective reporting and governance.
  • Serve as the primary Enterprise Risk Management liaison to IT leadership, business lines, and operational teams, fostering effective collaboration and risk governance.
  • Provide independent second-line oversight by challenging first-line risk ownership and supporting key governance forums, including technology, product, and incident management committees.
  • Partner with first-line stakeholders to identify technology-related issues, validate root causes and remediation plans, and monitor corrective actions through resolution.
  • Support the Issue Management Program by ensuring technology risks are documented, tracked, and resolved in compliance with regulatory requirements and the organization's Code of Ethics and Business Conduct.

Benefits

  • Compensation is commensurate to geographic location.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service