IT Business Controls Manager - Digital Channels

About The Position

Requirements

• Bachelor’s Degree in Computer Science, Cyber Security, Software Engineering, management, finance, economics, or a related field, or equivalent experience; Master’s Degree preferred.
• 5–10 years of financial services industry experience in risk, business controls, technology risk, or compliance.
• Strong understanding of digital banking platforms, cloud computing, and AWS-based architectures.
• Experience partnering with or supporting cloud development, digital engineering, or product management teams.
• Ability to identify, assess, and challenge risks related to cloud security, resiliency, SDLC, DevOps, APIs, and third-party services.
• Strong leadership, critical thinking, and collaboration skills.
• Ability to influence peers and leaders across business, technology, and product organizations on complex, technical, or sensitive topics.
• Strong analytical skills with the ability to interpret and apply policies and regulations across a large, complex, technology-driven organization.
• Broad working knowledge of banking products, operations, and digital delivery models.
• Excellent presentation, communication, and interpersonal skills.
• Working knowledge of Microsoft products and experience with risk reporting tools preferred.

Nice To Haves

• AWS Certified Solutions Architect or AWS Certified Security – Specialty
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP)
• Certified in Risk and Information Systems Control (CRISC)
• ITIL, COBIT, or other technology risk or governance-related certifications

Responsibilities

• Establishes processes that include first line of defense risk limits, with policies ensuring that risks associated with digital channels, cloud platforms, and AWS-based solutions are effectively identified, measured, monitored, and controlled, consistent with the Bank’s and LOB’s risk appetite statements and concentration risk limits.
• Helps define digital and cloud risk strategies and implements controls, policies, and procedures to increase effectiveness and efficiency across cloud development, platform operations, and digital product delivery.
• Influences senior business, product, and technology leaders to ensure enforcement of strong risk and governance practices while balancing digital strategy and innovation.
• Implements and communicates the organization’s mission, goals, and strategies regarding business controls within the Enterprise Risk Management (ERM) framework, with particular emphasis on technology, platform, and product risk.
• Proactively manages relationships with other internal business control groups and the Second and Third Lines of Defense (including Compliance, Legal, Enterprise Risk, Cybersecurity, and Audit), and represents the LOB or function on appropriate Bancorp Risk and Technology Governance committees.
• Highlights control breakdowns related to cloud architecture, AWS configurations, SDLC, DevOps pipelines, resiliency, and data protection, and implements corrective actions to remediate deficiencies.
• Quickly and efficiently resolves issues raised by the Second and Third Lines of Defense and external auditors, particularly those related to cloud, digital, third-party, and technology risks.
• Leverages strong regulatory knowledge to ensure compliance with all applicable laws, regulations, standards, and requirements, including but not limited to OCC Heightened Standards, as applied to digital and cloud-based delivery models.
• Executes organizational design and effectiveness to establish a structure that maximizes governance and productivity across digital platforms and cloud technologies, with appropriately skilled talent.
• Manages and provides comprehensive reporting that captures and prioritizes key digital, cloud, and platform issues resulting from the business, control functions, audit, or other internal and external sources.
• Provides guidance and training on effective implementation and monitoring of Enterprise Risk Management frameworks for digital products, cloud services, and AWS environments.
• Reviews policies for completeness and adherence to Bancorp and LOB risk appetites, including policies related to digital delivery, cloud usage, and technology governance, and ensures policies are maintained centrally in the Policy Center.
• Leads execution of regulatory change management programs impacting digital banking, cloud computing, data, cybersecurity, and technology operations.
• Reviews self-identified issues to determine alignment to the LOB or function, assigns issue ownership, provides credible challenge and approval on severity, and actively participates in issue remediation.
• Builds and oversees testing for processes applicable to digital platforms, cloud services, and AWS environments.
• Manages and identifies operational and technology risks in accordance with ERM, ensuring adequate internal controls over cloud infrastructure, application development, third-party services, and platform operations.
• Partners with business, product, and technology leaders to implement RCSA standards and procedures, ensuring quality, consistency, and sufficiency of implementation.
• Coordinates the development and reporting of risk dashboards, combining Enterprise-level data such as Key Risk Indicators with technology, cloud, and digital risk insights.
• Provides guidance to line managers in identifying and monitoring KRIs that serve as early indicators of digital platform, product, and cloud risk.
• Works with reporting teams to ensure data quality, including reconciliation issue resolution, root cause analysis, and action plan evaluation.
• Associates loss events with applicable digital and cloud risks/processes and reports operational loss trends to management.
• Provides oversight to the LOB supplier and outsourcing strategy, particularly related to cloud service providers (including AWS), SaaS platforms, and technology vendors.
• Reviews and challenges LOB business cases for outsourcing and cloud services.
• Maintains a complete and current inventory of all material digital products, cloud platforms, services, and supporting processes, with associated key risks and thresholds.
• Works with the LOB to evaluate risks associated with new digital products, cloud migrations, and strategic technology initiatives, coordinating BCRA and ERM risk reviews and ensuring completion of required documentation.
• Executes ERM Scenario Analysis with an emphasis on technology failure, cyber events, cloud outages, and third-party disruption scenarios.
• Advises on and approves Risk Acceptances identified in the LOB or function.
• Develops and manages digital product inventory and executes ERM product risk review programs.
• Performs additional responsibilities as assigned, including leadership of special projects, implementation of new regulatory or ERM programs, and participation in acquisition or strategic investment activities.
• Responsible for providing employees timely, candid and constructive performance feedback; developing employees to their fullest potential and providing challenging opportunities that enhance employee career growth; developing the appropriate talent pool to ensure adequate bench strength and succession planning; recognizing and rewarding employees for accomplishments.

Benefits

• Comprehensive benefits and differentiated compensation offerings
• Eligible to participate in an incentive compensation plan
• Extensive benefits programs designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being.