Sr. Cybersecurity Operational Risk Officer

About The Position

Requirements

• Bachelor’s degree in business, finance, technology, or economics or commensurate/relevant degree is required.
• Minimum of 5 years industry experience, within Operational Risk, Enterprise Risk, Technology Risk, Information Security Risk, External/Internal Audit or in the technology or information security lines of business.
• Outstanding active listening skills
• Demonstrated ability to work with internal and external auditors and regulators.
• Ability to think strategically coupled with the ability to drive to execution
• Ability to view risk holistically within a dynamic, fast paced team environment
• In-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of compliance and legal requirements and operational processes.
• Familiarity with Microsoft Office tools such as Excel, Teams, and the proven ability to learn how to use other unique technologies.
• Capable of conducting in depth testing of systems, processes and controls
• Manage workflows and task assignment to ensure timely completion of work
• Have an execution oriented, process efficiency and continuous improvement mindset
• Possessing intellectual curiosity and a passion for seeking to understand
• Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices
• Applicable certifications such as: ISACA: CISA, CRISC, CET, CGEIT, CISM ISC2: CISSP, CCSP, SSCP Cloud Security Alliance Certs: CCAK Cloud Provider-Specific Certifications

Nice To Haves

• MBA, Law Degree or other relevant advanced education
• Current and practical knowledge of Technology and/or Information Security activities, challenges, and workflows
• Additional industry certifications such as those listed above
• BS or Masters in Technology or Security related field
• Foundational knowledge of Archer GRC preferred
• Project management, Agile experience preferred
• Tactical Skills
• Demonstrated experience working with regulatory agencies, guidelines and requirements
• Strong ability to work with all levels of management within the company
• Experience working/managing projects across multiple functional areas and dealing with multiple business partners
• Experience working on initiatives that require strategic planning/thinking
• Flexibility to switch priorities based on the needs of the company in a fast-paced environment
• Ability to grasp complex processes quickly and be able to identify risks and compensating controls
• Excellent problem-solving abilities and results oriented; able to make decisions independently
• Proven ability to work as a team
• Strong leadership skills and ability to influence others
• Sound understanding of compliance and operational risks and internal control frameworks
• Strong analytical/research skills coupled with ability to effectively summarize findings
• Excellent oral, written and interpersonal skills
• Ability to adapt to change and communicate changing requirements
• Excellent organizational skills and meticulous attention to detail
• Self-motivated
• Proficient PC skills with experience in Microsoft Office, Outlook and, SharePoint
• Personal Skills
• Adaptability: Demonstrates a willingness to listen to other opinions and adjusts to new or changing assignments, processes, and people while avoiding snap reactions
• Agile Mindset: Explains specific agile processes and its associated checkpoints and deliverables and applies major agile tools and techniques to accomplish tasks; understands that failures/defects equate to new learnings
• Collaboration: Demonstrates experience in participating in productive collaborative processes that help solve business problems and meet business goals
• Problem Solving: Demonstrates the ability to examine a specific problem and understand the perspective of stakeholders; uses fact-finding techniques to identify and document specific problems
• Practical Skills
• Business Acumen: Participates in business tasks to get things done in own business unit and communicates key considerations for business decision-making processes
• Data Analysis: Identifies correlations that reveal trends and determine conditions, often with disparate data sets; Evaluates the quality of data collected and the effectiveness of data analysis methods for evaluating performance
• Oral & Written Communication: Possesses the ability to adapt listening and facilitation style to others’ communication styles and uses various approaches appropriately and effectively
• Risk Management: Implements or manages risk management for own business unit and documents key steps of the risk management process and associated procedures
• Systems Thinking: Analyzes the dynamics of a system to determine key characteristics, properties, and functions; surfaces problems within systems and searches for root causes while leveraging a foundational knowledge of continuous improvement
• Core Competencies
• All KeyBank employees are expected to demonstrate Key’s Values and sustain proficiency in identified Leadership Competencies.

Responsibilities

• Evaluate risk and control identification within key processes and perform gap assessments on control coverage as well as first line of defense identification processes
• Collaborate with leaders to gain insights on operational performance, emerging risks and strategic initiatives while identifying opportunities for improvement.
• Evaluate and monitor projects, strategic initiatives, and new technologies to ensure alignment with risk tolerance and business goals.
• Review risks, controls and, conduct assessments to support effective oversight and compliance with risk management requirements.
• Oversee the technology portfolio, assessing projects and initiatives to ensure alignment with risk appetite and adequate mitigation strategies.
• Support and enhance the overall risk oversight framework by developing and updating oversight practices.
• Partner with various teams to influence the implementation of operational practices to mitigate risk within appetite.
• Provide expert advice on risk management practices, offering practical solutions to mitigate identified risks.
• Analyze and assess risks associated with new products or services including third parties.
• Assist with audits and regulatory examinations, ensuring through and timely responses to inquiries and findings.
• Foster positive relationships with business partners and senior management ensuring open communication on risk matters.
• Escalate and report any significant risk issues and facilitate appropriate corrective actions.
• Perform ongoing monitoring of emerging risks, industry and regulatory trends.