About The Position

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC.

CardWorks Servicing, LLC provides end-to-end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offer backup servicing and due diligence services to capital providers and trustees.

Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services.

Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary

The Vice President, IT Risk – Governance & Policy is responsible for developing, implementing, and maturing the Technology Risk Management Framework in alignment with enterprise risk strategy, regulatory expectations, and industry best practices. This role leads governance, policy, and reporting efforts across technology risk domains, providing clear, actionable, and risk-based insights to leadership and the Board. The VP serves as a key partner to Enterprise Risk Management, Audit, and Technology leaders to ensure effective oversight of technology risk.

Requirements

  • Bachelor’s degree required; advanced degree or certifications (CISA, CISSP, CRISC, etc.) preferred
  • 12+ years of experience in Technology, Technology Risk, IT Risk Management, Audit, or Regulatory
  • Proven experience developing and operating technology risk governance frameworks and executive reporting
  • Strong knowledge of regulatory requirements and control frameworks (e.g., FDIC, SOX, SOC, NIST)
  • Demonstrated ability to communicate risk effectively to all levels of the organization
  • Executive presence and strong judgment
  • Strategic mindset with attention to detail
  • Ability to synthesize data into clear risk insights
  • Strong cross-functional collaboration skills
  • Results-oriented with a focus on sustainable risk management
  • Leads by example with a hands-on approach, willing and able to roll up sleeves to drive execution

Nice To Haves

  • Experience in highly regulated environments
  • Prior Big 4 or advisory experience a plus
  • Experience designing KRIs, dashboards, and risk reporting

Responsibilities

  • Technology Risk Framework & Governance: Develop, implement, and maintain the Technology Risk Management Framework aligned with enterprise risk strategy, regulatory expectations, and industry frameworks (e.g., NIST, ISO, COBIT)
  • Establish governance structures, processes, and routines to ensure consistent identification, assessment, monitoring, and escalation of technology risks
  • Ensure alignment between technology risk governance and enterprise risk management programs
  • Board & Executive Reporting: Support Board and executive reporting by delivering clear, concise, and risk-based insights and recommendations
  • Prepare quarterly, monthly, and as-needed technology risk reports for senior management and Board committees
  • Translate complex technical and regulatory risk topics into business-relevant narratives for appropriate audiences
  • Policy & Standards Ownership: Contribute to IT risk-related policies and standards, including but not limited to Security Policy and supporting standards
  • Ensure policies align with internal control frameworks and applicable regulatory requirements (e.g., FDIC, SOC, SOX)
  • Manage policy review cycles, updates, and approvals according to a defined governance schedule
  • Drive consistent interpretation of technology policies across technology teams
  • Risk Metrics, KRIs & Dashboards: Develop and maintain key risk indicators (KRIs), metrics, and dashboards across technology risk domains
  • Leverage metrics, incident data, and control performance to identify risk trends and emerging threats
  • Continuously enhance risk metrics to improve transparency and decision-making
  • Regulatory & Risk Awareness: Stay current on applicable regulations, supervisory guidance, and industry standards (e.g., FDIC, SOX, NIST)
  • Assess regulatory changes for impact to technology risk governance, policies, and reporting
  • Partner with Technology, Audit, and Risk teams to ensure readiness for exams, audits, and reviews

Benefits

  • Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
  • Benefits Package - Medical, Dental, and Vision (plus much more)
  • 401(k) Plan with Company Match
  • Short- & Long-Term Disability
  • Wellness Programs
  • Group Life and AD&D Insurance
  • Paid Vacation, Sick Days, and Bank Holidays
  • Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition