• This colleague will be focused on the information security and technology space. Primary responsibilities include independent oversight, review, and challenge of risk management activities within the first line of defense, including the effectiveness of the formal risk program activities. Activities include Risk and Control Self-Assessments, Issues Management, Material Risk Identification, Change Management, new business initiative risk assessments, and other formal programs.
• Advise first line risk partners on complex risk issues and challenges, while identifying and assessing aggregate enterprise-wide risks. Working with key stakeholders, including all three lines of defense, escalate emerging risk issues that require remediation and work directly with stakeholders while driving accountability. Maintain strong relationships with all three lines of defense, as well as the regulatory agencies.
• Understand the external environment, including emerging risks within the industry and the priorities of the regulatory agencies. Determine how these changes affect the risk profile of the enterprise and work with appropriate stakeholders to ensure mitigation strategies are underway.
• Participate in the cybersecurity incident response activities to ensure risks are properly assessed in real time and mitigating actions are appropriate. Post incident, lead or participate in root cause analysis and opine on next steps.
• Lead targeted risk assessments on emerging issues to provide an independent opinion on the impact to the enterprise.
• Operate within existing governance structures with an eye towards making these processes more efficient and effective. Manage applicable policy and program governance, while performing assurance activities to assess corporate wide compliance.
• The role may be co-located as needed with the relevant business and must be actively engaged to support the business with providing domain-relevant advice, monitoring, and credible expert challenge to ensure the independent Operational Risk Management Program is effectively implemented.

Required Experience

• 4+ years risk management experience from working in financial services industry.
• 4+ years demonstrated domain expertise and experience within the information security and technology risk areas.
• Experience in an organization that is under strong regulatory oversight and scrutiny.
• Proven ability to develop and maintain high impact relationships with senior executives.
• Expert knowledge of internal controls and risk assessment
• Deep understanding of banking products and operations; regulatory requirements; and key processes, controls, and exposure areas
• Influencing and conflict resolution skills
• Excellent business writing skills
• Proficient use of MS Word, Excel and PowerPoint

Education

• Bachelor’s degree Required.

Preferred Qualifications

• Certifications Preferred: Certified Information System Security Professional, Certified Information Security Manager Certified Information Systems Auditor, Certified in Risk and Information System Controls, or other relevant risk certifications.

Hours & Work Schedule: Hybrid - 3 days in the office, 2 working from home.

• Hours per Week: 40
• Work Schedule: Monday - Friday
• #LI-CITIZENS2