Director, Technology Risk Management

About The Position

Requirements

• Minimum 10 years of experience in Technology Risk, Cybersecurity, IT Audit or related disciplines within financial services or regulated environments.
• Proven experience operating in or alongside first line technology functions, with strong business partnership orientation.
• Demonstrated success in evolving risk programs to strategic, insight-driven functions.
• Deep understanding of technology risk domains, including: Cloud and infrastructure risk, Cybersecurity and data protection, Third-party/vendor risk, and AI/emerging technology risk.
• Strong knowledge of regulatory frameworks (FFIEC, NIST CSF, SOX ITGC).
• Ability to translate complex technical risks into clear, concise executive-level reporting.
• Strong judgement, with the ability to balance risk management with business enablement.
• Proven ability to lead and develop high-performing teams.
• Strong stakeholder management skills, with experience engaging senior leadership and regulators.
• Able to drive accountability, foster collaboration, and promote a culture of continuous improvement.

Nice To Haves

• Relevant certifications (e.g., CISA, CRISC, CISSP).

Responsibilities

• Leads execution of the Technology Risk Management framework, aligned to industry standards (e.g., NIST CSF, FFIEC, SOX ITGC).
• Translates regulatory expectations into pragmatic, delivery-aligned controls and practices across Technology and Product teams.
• Drives definition, operationalization, and monitoring of technology risk appetite, tolerances, and KRIs.
• Oversees enterprise-wide identification and assessment of technology risks across: Cloud and Infrastructure, Cybersecurity and data protection, AI and emerging technologies, and Third-party/vendor ecosystems.
• Delivers data-driven risk insights and reporting, that clearly articulate risk posture, trends, and emerging risks to senior leadership.
• Evolves risk reporting from static outputs to forward-looking, decision-enabling intelligence.
• Drives continuous improvement of control maturity to meet regulatory expectations, including sustained SOX ITGC effectiveness.
• Partners with Technology teams to design and implement scalable, automated controls.
• Ensures timely and high-quality execution of regulatory exams, internal audits, and remediation commitments.
• Oversees end-to-end issue management lifecycle, including identification, prioritization, root cause analysis, and sustainable remediation.
• Drives accountability for timely remediation of high-risk issues and reduction of aged items.
• Ensures systemic fixes over point-in-time remediation.
• Leads adoption of automation and tooling to enhance risk identification, monitoring, and reporting
• Evaluates and improve end-to-end technology processes to reduce risk, increase resilience, and enhance operational efficiency.
• Promotes integration of risk management into SDLC, product development, and change management processes.
• Establishes governance and risk oversight for AI and emerging technologies, ensuring alignment with internal standards and evolving regulatory expectations.
• Assesses risks associated with new technology initiatives and provide actionable guidance to enable safe adoption.
• Serves as a trusted partner to Technology and Business leaders to proactively manage risk.
• Leads engagement with Internal Audit, External Audit, and second line of defense functions.
• Builds and develop a high-performing team, fostering a culture of ownership, transparency, and continuous improvement.
• Performs other duties as assigned.

Benefits

• health
• dental
• vision
• life insurance
• paid time-off benefits
• flexible spending account
• 401(k) with employer match
• ESPP