Technology and Information Security Risk Specialist

IDBNYNew York, NY
$160,000 - $180,000Hybrid

About The Position

The Technology and Information Security Risk Specialist provides independent Second Line oversight of the Bank’s technology infrastructure, information security, and cyber risk programs. The role evaluates whether risks are appropriately identified, assessed, escalated, reported, and remediated through a practical, connected, and risk-based approach. This position strengthens the Bank’s risk posture by providing effective review and challenge, supporting risk assessments and control reviews, and connecting technology and information security risk themes to operational risk, vendor risk, change management, resilience, data management, and broader ERM processes. The role requires technical credibility, sound judgment, strong communication skills, and the ability to work effectively with First Line teams, senior leaders, auditors, regulators, Head Office, and executive stakeholders while maintaining Second Line independence.

Requirements

  • 10+ years in technology infrastructure, information security, cyber risk, IT controls, or related oversight functions, preferably within a regulated financial institution; bachelor’s degree in a related technical or risk discipline preferred.
  • Strong knowledge of technology, cybersecurity, and control environments, including cloud, applications, infrastructure, access management, resilience, NIST, NYDFS Part 500, FFIEC guidance, and related risk expectations.
  • Skilled in risk assessments, control reviews, issue management, remediation tracking, risk reporting, governance routines, and effective challenge across First, Second, and Third Line stakeholders.
  • Ability to connect technology and information security risk themes to ERM processes, including ICAAP, risk appetite, risk profile assessments, enterprise reporting, AI, automation, and other emerging technology risks.
  • Experience using GRC tools and managing technology or security-related projects, technical teams, and cross-functional workstreams with clear ownership, deadlines, reporting, and follow-through.
  • Strong analytical, writing, documentation, executive communication, professional judgment, independence, and ability to produce clear, defensible work for senior management, committee, audit, or regulatory review.

Nice To Haves

  • CISSP, CISM, CISA, CRISC, CEH, or equivalent certifications are strongly preferred.

Responsibilities

  • Second Line Oversight and Challenge — Provide independent oversight, ongoing monitoring, and effective challenge of First Line technology infrastructure, information security, and cyber risk programs, including governance, controls, execution, reporting, and residual risk.
  • Risk Assessments and Control Reviews — Lead and review risk assessments, RCSAs, control testing, issues, remediation plans, KRIs/KPIs, policies, procedures, evidence, and supporting analysis.
  • Framework and Program Connectivity — Develop and enhance the Second Line framework for technology and information security risk and assess connectivity to operational risk, vendor risk, change management, resilience, data management, and enterprise controls.
  • Project, Change, and Emerging Technology Risk — Identify, assess, and report risks related to significant projects, new activities, vendor relationships, control changes, AI, automation, and other emerging technologies.
  • Reporting and Enterprise Risk Support — Develop KRIs/KPIs, prepare clear materials for management, committee, audit, board, and regulatory discussions, and provide input for ICAAP, risk appetite, risk profile assessments, and ERM routines.
  • Stakeholder Engagement — Coordinate with audit, regulators, Head Office, First Line technology and security teams, the CISO function, IT Operations Risk, Vendor Management, business lines, and executive stakeholders while maintaining Second Line independence.
  • Training and Work Product — Support targeted risk awareness efforts and produce clear, defensible work that connects facts, risks, controls, dependencies, and conclusions.

Benefits

  • eligibility for an annual bonus
  • medical
  • pharmacy
  • dental
  • vision plans
  • life and disability insurance
  • employee wellness program
  • retirement and savings plans with employer contributions
  • generous holiday and paid time off schedules
  • parental leave
  • tuition reimbursement
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service