CardWorks

VP, IT Risk Management Governance – Policy

full-time

Location Type: Office

Location: Pittsburgh, Florida, Pennsylvania, United States

About the role

  • Develop, implement, and maintain the Technology Risk Management Framework aligned with enterprise risk strategy, regulatory expectations, and industry frameworks (e.g., NIST, ISO, COBIT)
  • Establish governance structures, processes, and routines to ensure consistent identification, assessment, monitoring, and escalation of technology risks
  • Ensure alignment between technology risk governance and enterprise risk management programs
  • Support Board and executive reporting by delivering clear, concise, and risk-based insights and recommendations
  • Prepare quarterly, monthly, and as-needed technology risk reports for senior management and Board committees
  • Translate complex technical and regulatory risk topics into business-relevant narratives for appropriate audiences
  • Contribute to IT risk-related policies and standards, including but not limited to Security Policy and supporting standards
  • Ensure policies align with internal control frameworks and applicable regulatory requirements (e.g., FDIC, SOC, SOX)
  • Manage policy review cycles, updates, and approvals according to a defined governance schedule
  • Drive consistent interpretation of technology policies across technology teams
  • Develop and maintain key risk indicators (KRIs), metrics, and dashboards across technology risk domains
  • Leverage metrics, incident data, and control performance to identify risk trends and emerging threats
  • Continuously enhance risk metrics to improve transparency and decision-making

Requirements

  • Bachelor’s degree required; advanced degree or certifications (CISA, CISSP, CRISC, etc.) preferred
  • 12+ years of experience in Technology, Technology Risk, IT Risk Management, Audit, or Regulatory
  • Proven experience developing and operating technology risk governance frameworks and executive reporting
  • Strong knowledge of regulatory requirements and control frameworks (e.g., FDIC, SOX, SOC, NIST)
  • Demonstrated ability to communicate risk effectively to all levels of the organization
  • Experience in highly regulated environments
  • Prior Big 4 or advisory experience a plus
  • Experience designing KRIs, dashboards, and risk reporting

Benefits

  • Medical, Dental, and Vision (plus much more)
  • 401(k) Plan with Company Match
  • Short- & Long-Term Disability
  • Wellness Programs
  • Group Life and AD&D Insurance
  • Paid Vacation, Sick Days, and Bank Holidays
  • Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Technology Risk Management Framework, regulatory requirements, control frameworks, key risk indicators (KRIs), risk reporting, incident data analysis, policy development, risk metrics enhancement, executive reporting, governance structures

Soft Skills

communication, risk assessment, problem-solving, stakeholder engagement, narrative translation, decision-making, organizational skills, reporting clarity, collaboration, leadership

Certifications

CISA, CISSP, CRISC