Director, Technology Risk

About The Position

Requirements

• Proven experience collaborating with cross functional and global teams, managing multiple stakeholders, and navigating various regulatory environments.
• Ability to manage multiple priorities, deliverables, and initiatives simultaneously in a fast-paced environment.
• Proactive and curious mindset, with the ability to engage broadly across the business while maintaining focus on core responsibilities.
• Experience advocating for policy and procedure enhancements when necessary.
• Strong ability to identify opportunities for improvement and driving continuous enhancement.
• Familiarity with enterprise risk and control frameworks such as ISO, NIST CSF, COBIT, CRI, FAIR or other equivalent International standards.
• Experience working with, and presenting to, senior management and governance forums, including executive level and Board adjacent committees.
• Excellent verbal and written communication abilities, with the ability to translate complex technology risk topics into concise, executive ready messaging.

Nice To Haves

• Preferably some experience in First and Or Second Line of Defence risk roles, providing independent oversight

Responsibilities

• Provides independent Second Line oversight and constructive review of regional operational resilience and security risks, technology product and security risk assessments and risk assessments related to material product / technology changes and significant third-party or outsourcing arrangements.
• Provides Second Line oversight across key technology control areas in support of regional governance, including reviewing control design, assessing operating effectiveness, and examining control testing results and assurance outcomes. Escalates and monitors material control deficiencies / remediation delays and risk acceptance items where residual risk exceeds tolerance until closure.
• Oversees the development of technology and security risk metrics, ensuring they are meaningful and outcomes focused, and aligned with approved risk appetite and tolerance thresholds.
• Ensures technology teams develop a regionally relevant strategy and policies / standards, supporting risk reduction and promoting the implementation of robust IT and security controls.
• Support the creation and evolution of a robust technology risk framework in line with the Enterprise Risk Management framework and the Operational Risk Framework and ensure its regional adoption. This includes developing policies, standards, procedures and / or guidelines setting out Second Line expectations of the First Line.
• Review and support local technology risk processes, ensuring its alignment with the Group technology risk framework and its alignment with local regulatory needs.
• Provides support and validation of the global technology control framework in coordination with Group First Line of Defence Technology and Security Risk teams.
• Acts as the Technology Risk representative at regional governance forums, risk committees, and senior management discussions, providing clear, evidence-based insights to support effective decision making.
• Reviews the effectiveness of technology risk reporting inclusive of technology key risk indicators and risk acceptance to management and governance committees and promotes alignment with Group standards.
• Supports regulatory examinations where required, on matters related to technology and security risk and controls, and reviews and supports other technology related submissions to regulatory authorities.
• Maintains awareness of evolving regulatory and supervisory expectations related to technology risk, cyber security, operational resilience, and third-party risk.

Benefits

• insurance (including medical, prescription drug, dental, vision, disability, life insurance)
• flexible spending account and health savings account
• paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
• 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
• 10 annual paid U.S. observed holidays
• 401k with a best-in-class company match
• deferred compensation for eligible roles
• fitness reimbursement or on-site fitness facilities
• eligibility for tuition reimbursement