Operational Risk Supervisor (IT)

About The Position

Requirements

• Bachelor's degree in Information Technology, Computer Science, Information Security, Risk Management, or a related field.
• Minimum of 8-10 years of progressive experience in IT, IT risk management, IT audit, information security, or a related governance, risk, and compliance (GRC) function.
• At least 3-5 years of experience in a leadership or management role, including building and managing teams.
• Demonstrated experience with Second Line of Defense (2LOD) functions or internal audit within a large, complex IT environment.
• Proven ability to conduct and lead IT risk assessments and evaluate control effectiveness.
• In-depth understanding of IT control frameworks (e.g., COBIT, NIST CSF, ISO 27001), regulatory requirements (e.g., SOX, GDPR, CCPA), and industry best practices.
• Exceptional analytical and problem-solving skills with the ability to translate technical details into business risks
• Strong leadership, interpersonal and communication skills (written and verbal), with the ability to collaborate effectively
• Ability to manage multiple priorities in a dynamic environment

Nice To Haves

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Other relevant certifications in IT audit, risk management, or information security.
• Experience working in the financial/banking industry, or other highly regulated environments is an asset
• Familiarity with AI control frameworks, data governance, and data lineage principles

Responsibilities

• Establish, recruit, and lead a high-performing team of IT risk professionals
• Partner closely with the First Line of Defense (1LOD) IT teams to deeply understand their operations, identify key IT risks, and pinpoint the most critical controls designed to mitigate those risks.
• Lead comprehensive IT risk assessments, leveraging established methodologies to evaluate the likelihood and impact of identified risks
• Develop and implement a robust methodology for 2LOD IT control testing.
• Scope, plan, and execute independent testing of IT controls to assess their design and operating effectiveness.
• Analyze the results of control testing, identify control deficiencies, and provide clear, actionable feedback to 1LOD teams on the effectiveness of their controls - highlighting both strengths and areas for improvement.
• Ensure that IT controls are thoroughly documented, accurately reflect operational practices, and are actively utilized by the 1LOD.
• Monitor and provide oversight on remediation efforts for identified control gaps.
• Contribute to the ongoing development and refinement of Ford's IT risk management framework, policies, and procedures, aligning with industry best practices and regulatory requirements.
• Build strong relationships with IT leadership, internal audit, compliance, and other risk functions to promote a cohesive and integrated approach to risk management.