Enterprise Risk Officer II

About The Position

Requirements

• To support team collaboration and time zone alignment, candidates must be based on the U.S. West Coast (such as California, Oregon, or Washington).
• Bachelor’s degree from an accredited college or university in a relevant field (e.g., Business, Finance, or related) preferred. Advanced degree or relevant certifications strongly preferred for senior-level roles.
• Minimum 5–8 years of related Risk Analysis or Banking industry experience required.
• Proficient analytical and problem-solving skills; capable of interpreting complex data and providing meaningful insights.
• Experience, knowledge and training in financial statement and tax return analysis typically resulting from a combination of education in accounting, financial and/or credit analysis or related areas.
• Experience with Governance, Risk, & Control (GRC) Tools preferred. Proficiency with Microsoft Office Suite (Excel, Word, Outlook) required.
• Effective oral, written, and interpersonal communication skills with the ability to apply common sense to carry out instructions, interpret documents, understand procedures, write reports and correspondence, and speak clearly to customers, vendors and employees.
• Strong organizational and time management abilities with attention to detail.
• Strong teamwork and relationship skills to lead collaborative efforts, foster alignment, and drive results across teams.
• Ability to take initiative and impact change within the Bank through consensus building and conflict resolution.
• Willingness to take on special projects and perform other duties as assigned, beyond core responsibilities, to support team and organizational needs.
• Commitment to continuous learning and professional development to stay current with industry standards and best practices.
• Ability to maintain authenticity and integrity in all professional interactions, ensuring trust and credibility with stakeholders.
• Capable of managing multiple priorities and meeting deadlines in a dynamic environment.
• Ability to work independently with minimal supervision and as part of a team.
• Proven ability to adapt to changing priorities and procedures.
• Current driver’s license and a vehicle with appropriate insurance coverage if required to drive while performing assigned duties and responsibilities.

Nice To Haves

• Advanced degree or relevant certifications strongly preferred for senior-level roles.
• Experience with Governance, Risk, & Control (GRC) Tools preferred.

Responsibilities

• Performs Information Security Officer (ISO) responsibilities as a governance and risk oversight function within ERM, in alignment with FFIEC, GLBA, and regulatory expectations.
• Provides second-line oversight of the Bank’s Information Security Program, ensuring appropriate policies, standards, and controls are established and maintained.
• Partners with the CTO and IT leadership to review cybersecurity risks, security incidents, vulnerability assessments, and remediation activities.
• Supports periodic Information Security Risk Assessments, ensuring results are documented, reported, and incorporated into the enterprise risk profile.
• Assists with preparation of Board- and committee-level Information Security reporting, including risk posture, trends, and material issues.
• Supports regulatory examinations, audits, and inquiries related to Information Security, cybersecurity, and IT risk governance.
• Ensures Information Security risks are appropriately integrated into ERM programs such as RCSA, Third-Party Risk Management, Incident Management, and DR/BCP.
• Owns designated ERM functions, including IT Risk and Information Security risk oversight, as assigned by the Director of ERM.
• Leads the design, execution, and continuous improvement of assigned ERM programs, ensuring technology and cybersecurity risks are appropriately incorporated.
• Evaluates risk exposures and control effectiveness independently, recommending actions to management and escalating material risks as appropriate.
• Acts as ERM’s designated representative for Information Security governance, supporting Board, management committees, audits, and regulatory interactions related to IT and cybersecurity risk.
• Leads enterprise-wide and targeted risk assessments, including inherent risk identification, control evaluation, and residual risk determination.
• Facilitates risk workshops, scenario analyses, and management discussions across business lines and support functions.
• Ensures consistency and quality in risk assessment outputs across the organization.
• Represents ERM in internal governance forums, management committees, and working groups.
• Prepares and presents ERM materials for senior management and Board-level committees, as delegated.
• Serves as a key ERM contact for internal audits, external audits, and regulatory examinations, coordinating responses and remediation tracking.
• Monitors regulatory guidance and industry developments, translating requirements into actionable ERM enhancements.
• Oversees the development of IT and Information Security risk metrics, KRIs, and dashboards, ensuring clear visibility into cybersecurity posture and emerging technology risks.
• Provides forward-looking risk insights, trend analysis, and emerging risk identification to support strategic decision-making.
• Supports risk appetite refinement and alignment with enterprise strategy.
• Mentors ERM Analysts and Risk Officer I staff by providing technical guidance, reviewing work products, and supporting professional development.
• Leads or co-leads ERM-related training sessions, tabletop exercises, and facilitated risk discussions.
• Contributes to succession planning and knowledge transfer within the ERM function.
• Supports the development and periodic review of ERM policies, standards, and governance documentation.
• Identifies opportunities to enhance ERM efficiency, automation, and data quality, including effective use of GRC tools.
• Champions a strong risk culture by promoting accountability, transparency, and proactive risk management practices.
• Embodies the TRAC Values and Critical Behaviors (Teamwork, Relationship, Authenticity, Commitment) as core principles, using them to guide daily interactions and decision-making.
• Completes administrative tasks with a sense of urgency, including required Bank Compliance Training. Responds to internal and external inquiries via email, phone, or messaging platforms in a timely and professional manner. Positively represents the Bank through ethical conduct and community involvement.
• Demonstrates an understanding of and commitment to EEO policies. Fosters a respectful, inclusive workplace by valuing cultural differences, preventing harassment of any kind, and supporting a diverse workforce.
• Ensures adherence to all Bank policies, procedures, and processes, along with applicable state and federal laws, rules, and regulations, ensuring confidentiality and data privacy while carrying out AML/CFT (Anti-Money Laundering and Countering the Financing of Terrorism) responsibilities specific to the role.
• Performs duties in an office or home office environment, involving tasks such as writing, typing, speaking, lifting moderate weights, and operating office equipment. The position requires physical activities like sitting, walking, and reaching. Reasonable accommodation can be made for individuals with disabilities to perform essential functions.
• Travels up to 10%, including but not limited to attending company meetings, training sessions, and corporate events, with travel typically being regional or local based on business needs.

Benefits

• Medical/Dental/Vision
• Life Insurance
• Paid Vacation
• 401(k) Retirement Plan
• Training & Development
• Tuition Reimbursement
• Employee Assistance Program
• Internal Job Posting & Referral Program
• Company ownership through our Employee Stock Ownership Program (ESOP)