VP, Technology Risk

About The Position

Requirements

• 15 or more years of progressive experience in Technology Risk, IT Audit, Cybersecurity, or Operational Risk within financial services, banking, or heavily regulated industries.
• 5 or more years experience in leadership roles within information security, regulatory, and privacy controls environment, and information security or IT governance, regulatory landscape, risk assessment, and risk management principles and techniques.
• Strong understanding and experience with Information technology systems and processes, network infrastructure, data architecture, data processes, protocols, and auditing and monitoring processes.
• Strong understanding and experience with Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
• Deep understanding of risk management frameworks (COSO, NIST, ISO 27001), regulatory expectations (FFIEC, OCC, Fed, CFPB), and cloud security principles (AWS/GCP/Azure).
• Experience operating within a formal three-lines-of-defense (3LOD) model.
• Strong analytical ability to evaluate complex technology environments and translate technical risks for senior stakeholders.
• Demonstrated experience interfacing with regulators, auditors, or compliance examiners.
• Exceptional written and verbal executive-level communication skills.
• Executive presence and the ability to influence without authority.
• Independence of judgment and comfort challenging senior stakeholders.
• Strong collaboration and relationship management skills.
• Comfort handling ambiguity, scaling programs, and driving maturity.
• Ability to be flexible and work in grey space.
• Background and drug screen.

Nice To Haves

• Prior leadership of 2LOD functions within a bank or FinTech.
• Certifications such as CRISC, CISA, CISSP, CISM, CCSP, CGEIT.
• Experience with modern engineering practices (DevOps, CI/CD pipelines, microservices, IaC).
• Familiarity with ISO 27001, PCI DSS, NIST, SIG, FFIEC handbooks, SOC2 Type II, GLBA, FCRA, NYDFS, and other data privacy and global regulatory frameworks.
• Project or Process management experience.
• Strong experience developing and tracking information security related KPIs and KRIs.

Responsibilities

• Direct independent oversight and challenges to the design, implementation, and effectiveness of technology risk management practices across the enterprise.
• Direct evaluations of risks related to disaster recovery, site reliability, service continuity, major incident response, and systemic outages.
• Oversee assessments of resilience across cloud environments (AWS, Azure, etc), SaaS/PaaS integrations, and critical third-party providers.
• Advise on scenario testing, impact tolerances, and regulatory expectations for resilience.
• Help define and maintain the corporate Technology Risk Framework, ensuring alignment to banking-industry standards (e.g., CRI, NIST CSF, FFIEC CAT, ISO 27001).
• Partner with Engineering, Infrastructure, Cloud, IT Ops, Cybersecurity, and Product to ensure technology solutions and services align with control expectations.
• Provide proactive guidance on risk/control requirements during product development, cloud migration, data strategy, AI governance, and change management initiatives.
• Support periodic risk assessments, including IT general controls, cloud risks, cyber risks, AI/ML risks, data management risks, and operational resilience assessments, and govern the tracking, challenge, and closure of technology and cyber findings and issues.
• Monitor and refine risk and performance indicators (KRI/KPI), Risk and Control Self Assessments (RCSA), emerging technology risks, and deviations from established risk appetite.
• Serve as a Subject Matter Expert for technology-related regulatory inquiries, examinations, and audits (internal/external).
• Help interpret and communicate regulatory requirements from global bodies (e.g., OCC, FCA, MAS, EBA, ESMA) to Technology and Security leaders.
• Provide expertise for assessing control gaps and remediation plans; evaluating adequacy, sustainability, and timeliness of corrective actions.
• Provide senior leadership and Board-level risk reporting on technology risk posture, trends, and emerging issues.
• Communicate risk insights in clear, non-technical terms for executive decision-making.
• Mentor junior risk analysts and managers; build a high-performing IT Risk team.
• Promote a strong risk culture and effective communication between 1LOD and 2LOD.
• Represent Technology Risk in enterprise committees (Risk Committees, Change Advisory Boards, etc.).

Benefits

• Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
• 401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
• Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
• 12 weeks of Paid Parental Leave
• Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.