Technology Risk Director - Enterprise Engineering

Citizens
Johnston, RI
Hybrid

About The Position

The Enterprise Technology & Security (ETS) Risk Director directs a team of risk professionals, develops comprehensive risk management strategies, and ensures the organization's technology risk practices are robust, effective, and aligned with industry standards and regulatory requirements. This executive-level position provides strategic leadership over a dedicated ETS risk function, setting the direction for risk identification, assessment, and mitigation across the bank's technology and security domains. The Director serves as a key advisor to senior leadership on technology risk matters, drives the maturation of the enterprise risk framework, and maintains strong relationships with regulators, audit, and governance bodies.

Requirements

  • 12+ years of progressive experience in IT risk management, information security, or internal audit, including 5+ years in a senior leadership role.
  • Demonstrated executive leadership experience, including building and developing high-performing risk teams in complex, regulated environments.
  • Comprehensive expertise in risk frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and ITIL, with a track record of applying them at an enterprise scale.
  • Deep familiarity with regulatory expectations and supervisory frameworks applicable to regional banks (OCC, Federal Reserve, FDIC).
  • Exceptional communication and influencing skills; proven ability to present risk strategy and findings to Board-level and executive audiences.
  • Experience leading large-scale regulatory examinations, audit engagements, and enterprise-wide corrective action programs.
  • Proven ability to set strategic direction, manage organizational priorities, and deliver results in a fast-paced, evolving environment.
  • Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required; Master's degree (MBA, MS in Cybersecurity, or equivalent) strongly preferred.

Nice To Haves

  • Prior experience as a risk director or equivalent executive in a federally regulated financial institution.
  • Track record of building or transforming enterprise-level technology risk programs.
  • Strong network within the financial services risk and technology community.
  • One or more of the following certifications are preferred: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor)

Responsibilities

  • Lead and oversee the Technology Risk Management function, providing strategic direction to a team of risk professionals and fostering a culture of accountability, excellence, and continuous improvement.
  • Develop, implement, and continuously evolve a comprehensive technology risk management strategy and framework aligned with enterprise risk appetite, regulatory expectations, and industry best practices.
  • Oversee the identification, assessment, monitoring, and reporting of technology and security risks across systems, applications, infrastructure, and processes.
  • Serve as the primary executive liaison for regulatory examinations, internal audits, and supervisory engagements related to technology and security risk, ensuring effective coordination and high‑quality outcomes.
  • Define and maintain technology risk policies, standards, control libraries, and assessment methodologies to support consistent and scalable risk management practices.
  • Partner with senior technology leaders, business executives, compliance, audit, and governance teams to embed risk management into strategic planning and decision‑making.
  • Provide clear, actionable, executive‑level risk reporting and insights to the Risk Committees and senior management, translating complex risk landscapes into strategic guidance.
  • Oversee the portfolio of risk findings, regulatory commitments, and corrective action plans, driving timely, effective, and sustainable remediation.
  • Lead oversight of Third-Party Risk Management for the organization’s technology and security critical service provider relationships.
  • Monitor industry trends, emerging threats, and regulatory developments to proactively adjust the organization’s risk posture.
  • Champion a strong risk‑aware and risk‑informed culture across the technology organization through education, engagement, and communication.