Principal Operational Risk Analyst (Technology Risk)

About The Position

Requirements

• Bachelor’s Degree in Liberal Arts, Business Administration, Auditing, Technology / Engineering, Management, or other related fields, or equivalent combination of education and experience
• 7-10 years of experience in risk management, compliance, or governance functions
• Subject matter expert in operational risk frameworks, scenario analysis, and emerging risk trends
• Significant expertise in risk identification, analysis, and mitigation strategies across multiple business functions
• Develops and enhances risk assessment frameworks and methodologies, including RCSA
• Leads the development of risk reporting, dashboards, and key risk indicators (KRIs)
• Partners with senior leadership to provide strategic guidance on risk trends and mitigation strategies
• Significant knowledge of federal and state regulatory requirements and industry best practices
• Significant experience managing large-scale risk initiatives and process improvement efforts
• Significant expertise in operational and regulatory risk control concepts and practices
• Advance project management skills to drive enterprise-wide risk initiatives
• Strong leadership, problem-solving, and decision-making abilities
• Proven ability to align risk management strategies with business objectives
• Significant experience engaging with senior leadership and regulatory stakeholders on risk-related matters

Nice To Haves

• Master’s degree in Computer Science, Information Technology, Engineering, or a related technical field or equivalent combination of training, education and experience
• Significant experience in Financial Services, First, Second (ERM, ORM), and/or Third Line Risk Management, or Consulting experience
• Significant Cybersecurity & IT Governance experience
• One or more of the following designations, Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC), Project Management Professional (PMP) or Certified Information Systems Auditor (CISA)

Responsibilities

• Design and execute risk assessment frameworks across multiple Operational Risk domains, ensuring alignment with regulatory requirements, industry best practices, and internal policies.
• Lead the execution of ORM programs, including RCSA, Business Resiliency assessments, and Issue and Event Management validation, ensuring comprehensive risk identification and mitigation.
• Conduct in-depth analysis to assess enterprise-wide risk exposure, identifying emerging threats, control weaknesses, and areas for process optimization.
• Synthesize and interpret complex risk data, developing actionable insights and recommendations for senior management.
• Oversee risk testing, validation, and remediation activities, ensuring continuous improvement of risk controls and compliance with regulatory requirements.
• Collaborate with business leaders to enhance risk awareness, implement control enhancements, and drive risk-informed decision-making.
• Monitor Key Risk Indicators (KRIs), ensuring proactive risk monitoring and reporting across business units.
• Lead the development and refinement of ORM-related Policies, Instructions, and Standards, ensuring enterprise-wide consistency and compliance.