Principal Technology Risk Manager

BECU•St. David's, WA

1d•Hybrid

About The Position

Is it surprising to hear that a financial institution of 1.5 million members and over $30 billion in managed assets say that success comes from focusing on people, not profits? Our “people helping people” philosophy has guided us since 1935, driving our deep commitment to serving our members, communities, and each other. When you join our team, you become part of a purpose-driven organization where your work makes a real difference. While we’re proud of our history, we’re even more excited about our future. With business and technology transformation on the horizon, there’s never been a better time to be part of BECU. IMPACT YOU’LL MAKE: As the Principal Technology Risk Manager, you will elevate and unify BECU’s technology risk management capabilities across our full tech ecosystem. You’ll strengthen how we identify, manage, and mitigate risk—improving resilience, transparency, and risk-based decision-making across the organization. You will partner closely with Technology, Cybersecurity, and enterprise risk teams to mature frameworks, reduce vulnerabilities, and simplify remediation processes. Your work will directly influence senior leadership and Board-level insights while shaping a forward‑thinking, proactive risk culture. You’ll play a pivotal role in advancing BECU’s overall technology risk posture and operational excellence. To join our dynamic team, we require candidates to be residents of WA, OR, ID, AZ, TX, GA, SC, NC, CA or VA. If you’re located in Washington state and within a reasonable driving distance from Tukwila, we are requesting that you come into our HQ on Tuesdays & Wednesdays. For those candidates that live outside the commute distance of TFC and in any of our approved remote work locations, this role will be remote. Remote or onsite, we are committed to ensuring you are fully engaged and included in our collaborative environment. This isn’t just about ticking off tasks on a list. It's about making a significant, positive change in BECU’s journey, where your contributions are valued, and your growth is continually fostered. WHAT YOU’LL GAIN: Enterprise‑level impact: Influence decisions made by senior leadership and the Board as you strengthen BECU’s technology and enterprise risk posture. Modern risk innovation: Shape forward‑looking risk frameworks, vulnerability models, and proactive methodologies. Deep technical growth: Expand your exposure across coding practices, architecture, vulnerability management, and tech stack risk assessment. High‑trust collaboration: Work closely with Cybersecurity, Engineering, Risk, and Audit leaders across the credit union. Strategic ownership: Lead initiatives with autonomy while benefiting from strong executive and organizational support. Career acceleration: Gain experience in Board reporting, regulatory engagement, and enterprise‑level governance. Purpose‑driven work: Contribute to a values‑aligned mission focused on protecting members and enabling a resilient, secure technology organization.

Requirements

Bachelor’s degree in risk management, Computer Science, Information Security or related field, or equivalent experience required.
Minimum 10 years of technology risk management in a tech organization with related experience in the financial services industry.
Experience assessing risk related to software code required.
Minimum 3 years of experience leading teams or programs involving controls, risk, remediation, and operational governance for a technical team.
Knowledge of coding practices and the ability to assess risk based on that knowledge required.
Experience assessing the unique risks and vulnerabilities of a tech stack and creating controls to mitigate those risks required.
Experience working independently and as a team member while using discretion in decision making and sound judgment in problem solving is required.
Experience in leadership, negotiation, and management skills required.

Nice To Haves

Advanced knowledge of all state and federal regulations pertaining to Credit Union functions is strongly preferred.
Prior leadership of enterprise vulnerability programs, audit management functions, or risk councils preferred.

Responsibilities

Vulnerability Governance Leadership: Lead the design and execution of a unified vulnerability risk framework that streamlines grouping, strengthens remediation cycles, and reduces recurring issues across applications and systems.
Cross‑Functional Remediation Partnership: Partner with Cybersecurity, Tech Infrastructure & Operations, and system owners to drive sustainable remediation, support SLA adherence, and promote structural, long-term solutions.
Technology Audit Readiness Management: Serve as the central point of coordination for technology audits, ensuring consistency in interpretation, response, evidence collection, and remediation activities.
Code‑Based Risk Assessment: Apply your understanding of coding practices and system architecture to evaluate risks across tech stacks and recommend controls that improve stability, security, and resilience.
KRI Development & Alignment: Collaborate with technology and risk leaders to build, refine, and monitor Key Risk Indicators (KRIs) that align to the Board‑approved Enterprise Risk Appetite.
Executive & Board Reporting: Develop and deliver clear, actionable risk reporting that translates performance, exposures, and emerging risks for Executives, the Board of Directors, and Regulators.
Enterprise Risk & Optimization Initiatives: Lead strategic, cross‑functional initiatives that enhance risk processes, optimize operations, and inform recommendations for senior and executive leaders.
Risk Communication & Coordination: Partner with ERM, Compliance, Legal, Cyber, Fraud, and Internal Audit teams to ensure visibility into emerging risks and strengthen mitigation strategies.
Third‑Party Risk Collaboration: Work with Vendor Management and Technology owners to ensure external partners meet BECU’s operational, security, and risk management expectations.
Regulatory Engagement & Readiness: Ensure regulatory reporting accuracy, prepare teams for examinations, and represent Technology in conversations with regulators and Board committees.
Strategic Tech Risk Stewardship: Take on additional responsibilities that elevate BECU’s risk posture and support long-term organizational resilience.