Technology Risk and Governance

Arrowstreet Capital, Boston, MA

About The Position

The position reports to the Chief Information Security Officer and leads the enterprise-wide technology risk and governance program. This role establishes the risk framework, policies, and governance needed to identify, assess, and mitigate risk across IT services, platforms, and third parties. Partnering with senior leadership across Technology, Cyber Security, Compliance, Legal, and business, the role translates complex technical and control issues into clear business risk narratives (operational, regulatory, reputational, and financial) and drives risk-based prioritization of remediation. The position owns the technology risk policy suite and associated standards and oversees the technological aspects of the third-party risk program, including vendor onboarding due diligence and ongoing monitoring in partnership with Compliance and procurement stakeholders. This role is a key contributor to enterprise risk management, partnering with the Chief Compliance Officer and risk owners to ensure technology risks are identified, documented, reported, and addressed through effective controls, risk acceptance, and continuous improvement. It also evaluates and implements tools and reporting to increase risk visibility and strengthen governance.

Requirements

  • Experience leading technology risk, IT risk, cyber/operational risk, or technology governance in a regulated environment.
  • Demonstrated ability to design and implement risk frameworks and governance processes, including assessment, prioritization, remediation tracking, and risk acceptance.
  • Broad technical knowledge across enterprise IT (infrastructure, applications, identity and access management, cloud/SaaS, and data governance) and how controls mitigate risk.
  • Strong stakeholder management skills with a track record of influencing senior leaders and driving outcomes across Technology, Compliance, Legal, and Internal Audit.
  • Excellent written, verbal, and presentation skills; able to communicate complex technical risk issues clearly to executives and governance committees.
  • Experience in developing and defining enterprise-level risk appetite, tolerance thresholds, and escalation criteria.
  • Ability to challenge control owners constructively and drive accountability and remediation.

Nice To Haves

  • Familiarity with industry regulations and standards (SOX, PCI, DORA) and technical frameworks (e.g., NIST, ISO 27001) and attack frameworks (e.g., MITRE ATT&CK or similar).
  • Experience interacting directly with regulators, auditors, and board risk committees.
  • Understanding of secure software development and application security risks.

Responsibilities

  • Own the enterprise technology risk framework and governance model, aligned to the organization’s enterprise risk framework.
  • Provide advisory support for material technology decisions (new systems, products, vendors, and significant changes), translating technical and control issues into business impact.
  • Establish clear governance and reporting for senior management and committees on material IT, cyber, third-party, and emerging technology risks, including key risk indicators and metrics.
  • Design and continuously improve technology risk assessment and control evaluation processes, including remediation tracking and governance for risk acceptance, waivers, and exceptions.
  • Lead and mature AI risk governance in partnership with IT, Security, Compliance, and the business.
  • Support enterprise data governance initiatives (classification, retention, and handling) in collaboration with Technology and business stakeholders.
  • Own the technology risk policy suite and standards, ensuring they are implemented, reviewed regularly, and supported through training and awareness.
  • Oversee technology aspects of third-party risk, including onboarding due diligence, review of assurance (e.g., SOC reports), remediation tracking, and ongoing monitoring in partnership with Compliance and procurement stakeholders.
  • Partner with Cyber Security to ensure threat, vulnerability, patch, and incident risk governance aligns to the current threat landscape and control expectations.
  • Drive operational resilience for technology services, including business continuity planning, crisis/incident governance, root-cause analysis, and lessons learned.
  • Support client, regulator, and internal audit engagements related to technology risk, including responses to inquiries and evidence of control design and effectiveness.

Benefits

  • base salaries and annual discretionary bonuses
  • robust benefits package