Tech & Security Risk Oversight Manager

About The Position

Requirements

• Bachelor’s degree in computer science, cybersecurity, data science, or related field (or equivalent practical experience).
• 5+ years of experience leading, executing, and/or governing cyber/information security risk and IT risk assessment programs (or related experience).
• 5+ years of experience in technology and/or information security risk management; financial services experience (e.g., banking, payments) and regulatory exposure strongly preferred.
• Experience developing and performing data, security, and/or IT risk assessments, including documentation of conclusions and recommended remediation.
• Strong understanding of applicable financial services regulations and guidance (e.g., GLBA, Interagency Guidelines Establishing Information Security Standards, OCC/Fed/FFIEC guidance) and related privacy/breach notification obligations.
• Ability to maintain independence and objectivity in executing oversight, credible challenge, and reporting activities.
• Strong communication skills with the ability to explain technology and security risk in business terms to senior/executive leaders and cross-functional partners (IT, Information Security, Audit, Compliance/Privacy, Legal).
• Strong organizational and project management skills; ability to manage multiple priorities, deliver results, and meet milestones and deadlines.
• Demonstrated analytical capability to understand complex issues, develop meaningful analyses, and support remediation to closure.
• Demonstrated ability to work independently, prioritize effectively, and drive continuous improvement through feedback and learning.

Nice To Haves

• Advanced degree in Information Technology, Cybersecurity, Data Science, or related area.
• Relevant professional certifications (e.g., CISA, CISM, CRISC, CISSP) or equivalent.
• Working knowledge of relevant frameworks/standards (e.g., NIST CSF, NIST RMF, NIST SP 800-53, FFIEC IT Handbook, ISO 27000-series, COBIT, COSO, PCI).
• Experience providing oversight/credible challenge of TPRM, RCSA programs, and KRI design/monitoring in a regulated environment.

Responsibilities

• Provide 2LOD oversight and credible challenge of the Third-Party Risk Management (TPRM) program, with a focus on technology and information security risk.
• Review and challenge third-party technology/security risk assessments, control requirements, and remediation plans; document challenge outcomes and escalate concerns when needed.
• Partner with stakeholders to improve the quality, consistency, and timeliness of third-party risk decisions, metrics, and reporting.
• Provide oversight and challenge of security due diligence activities and the Extended Security Program for M&A.
• Assess integration and transition risks (e.g., identity and access, data protection, vulnerability management, incident response readiness) and ensure risks and dependencies are tracked through closure.
• Oversee and challenge RCSAs performed by 1LOD/business control teams for Information Security and Information Technology.
• Provide credible challenge of risk analyses, control selection, and control design/operating effectiveness evidence for topics including Information Security and Information Technology risks, privacy, and other areas that materially affect the Bank’s risk profile.
• Challenge the definition, thresholds, and monitoring cadence for technology/security KRIs to ensure risk measurement is comprehensive, accurate, and timely.
• Translate technology and security risk into clear business terms for senior leaders and governance forums; support periodic risk reporting and emerging risk updates.
• Maintain awareness of applicable regulatory requirements and industry standards related to safeguarding confidentiality, integrity, and availability of information assets (e.g., OCC/Interagency guidance, NIST, ISO, COBIT, ITIL, PCI as applicable).
• Recommend enhancements to technology and security risk frameworks, assessment methodologies, and oversight routines to improve consistency and regulatory alignment.
• Complete point-of-view (POV) risk assessments on emerging risks and targeted focus areas as assigned.
• Collaborate with Operational Risk, Compliance (Privacy), Finance, Legal, Information Security, IT, and Business Controls to drive timely execution and improve effectiveness of technology and security risk activities.
• Provide training and education to the 1st line of defense to support a fully operationalized technology and security risk management program.
• Enable cross-training and knowledge sharing across the team and stakeholders (influence without direct supervisory authority).

Benefits

• Comprehensive benefits
• Differentiated compensation offerings
• Incentive compensation plan
• Extensive benefits programs designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being.