Operational Risk Manager - Cybersecurity

About The Position

Requirements

• 4+ years risk management experience from working in financial services industry
• 4+ years demonstrated domain expertise and experience within the relevant product or services
• Experience in an organization that is under strong regulatory oversight and scrutiny
• Proven ability to develop and maintain high impact relationships with senior executives
• Expert knowledge of internal controls and risk assessment
• Deep understanding of banking products and operations; regulatory requirements; and key processes, controls, and exposure areas
• Decisiveness and sound judgment on a consistent basis
• Capacity to challenge status quo
• Influencing and conflict resolution skills
• Excellent business writing skills
• Proven leadership and management skills in a professional environment
• Proficient use of MS Word, MS Excel and PowerPoint and Visio
• Bachelor’s degree Required

Nice To Haves

• Certified Internal Auditor
• Certified Regulatory Compliance Manager
• Certified Fraud Examiner
• Certified Public Accountant
• Certified Investments Derivative Auditor
• Project Management Professional
• Certified in Risk and Information System Controls
• other relevant risk certifications

Responsibilities

• Independent oversight, review, and challenge of risk management activities within the first line of defense, including the effectiveness of the formal risk program activities (Risk and Control Self-Assessments, Issues Management, Material Risk Identification, Change Management, new business initiative risk assessments, and other formal programs).
• Advise first line risk partners on complex risk issues and challenges, while identifying and assessing aggregate enterprise-wide risks.
• Escalate emerging risk issues that require remediation and work directly with stakeholders while driving accountability.
• Maintain strong relationships with all three lines of defense, as well as the regulatory agencies.
• Understand the external environment, including emerging risks within the industry and the priorities of the regulatory agencies.
• Determine how external changes affect the risk profile of the enterprise and work with appropriate stakeholders to ensure mitigation strategies are underway.
• Participate in the cybersecurity incident response activities to ensure risks are properly assessed in real time and mitigating actions are appropriate.
• Lead or participate in root cause analysis post-incident and opine on next steps.
• Lead targeted risk assessments on emerging issues to provide an independent opinion on the impact to the enterprise.
• Operate within existing governance structures with an eye towards making these processes more efficient and effective.
• Manage applicable policy and program governance, while performing assurance activities to assess corporate wide compliance.
• Support the business with providing domain-relevant advice, monitoring, and credible expert challenge to ensure the independent Non-Financial Risk Program is effectively implemented.

Benefits

• competitive compensation
• comprehensive benefits including medical, dental, and vision coverage
• retirement benefits
• maternity and paternity leave
• flexible work arrangements
• education reimbursement
• wellness programs
• paid time off policy exceeds the mandatory paid sick or paid time away requirements of all local and state jurisdictions in the United States
• opportunity to earn an annual discretionary bonus