Direct independent oversight and challenges to the design, implementation, and effectiveness of technology risk management practices across the enterprise.
Direct evaluations of risks related to disaster recovery, site reliability, service continuity, major incident response, and systemic outages.
Oversee assessments of resilience across cloud environments (AWS, Azure, etc), SaaS/PaaS integrations, and critical third-party providers.
Advise on scenario testing, impact tolerances, and regulatory expectations for resilience.
Help define and maintain the corporate Technology Risk Framework, ensuring alignment to banking-industry standards (e.g., CRI, NIST CSF, FFIEC CAT, ISO 27001).
Partner with Engineering, Infrastructure, Cloud, IT Ops, Cybersecurity, and Product to ensure technology solutions and services align with control expectations.
Provide proactive guidance on risk/control requirements during product development, cloud migration, data strategy, AI governance, and change management initiatives.
Support periodic risk assessments, including IT general controls, cloud risks, cyber risks, AI/ML risks, data management risks, and operational resilience assessments, and govern the tracking, challenge, and closure of technology and cyber findings and issues.
Monitor and refine risk and performance indicators (KRI/KPI), Risk and Control Self Assessments (RCSA), emerging technology risks, and deviations from established risk appetite.
Serve as a Subject Matter Expert for technology-related regulatory inquiries, examinations, and audits (internal/external).
Help interpret and communicate regulatory requirements from global bodies (e.g., OCC, FCA, MAS, EBA, ESMA) to Technology and Security leaders.
Provide expertise for assessing control gaps and remediation plans; evaluating adequacy, sustainability, and timeliness of corrective actions.
Provide senior leadership and Board-level risk reporting on technology risk posture, trends, and emerging issues.
Communicate risk insights in clear, non-technical terms for executive decision-making.
Mentor junior risk analysts and managers; build a high-performing IT Risk team.
Promote a strong risk culture and effective communication between 1LOD and 2LOD.
Represent Technology Risk in enterprise committees (Risk Committees, Change Advisory Boards, etc.).

Requirements

15 or more years of progressive experience in Technology Risk, IT Audit, Cybersecurity, or Operational Risk within financial services, banking, or heavily regulated industries.
5 or more years experience in leadership roles within information security, regulatory, and privacy controls environment, and information security or IT governance, regulatory landscape, risk assessment, and risk management principles and techniques.
Strong understanding and experience with Information technology systems and processes, network infrastructure, data architecture, data processes, protocols, and auditing and monitoring processes.
Strong understanding and experience with Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
Deep understanding of risk management frameworks (COSO, NIST, ISO 27001), regulatory expectations (FFIEC, OCC, Fed, CFPB), and cloud security principles (AWS/GCP/Azure).
Experience operating within a formal three-lines-of-defense (3LOD) model.
Strong analytical ability to evaluate complex technology environments and translate technical risks for senior stakeholders.
Demonstrated experience interfacing with regulators, auditors, or compliance examiners.
Exceptional written and verbal executive-level communication skills.
Executive presence and the ability to influence without authority.
Independence of judgment and comfort challenging senior stakeholders.
Strong collaboration and relationship management skills.
Comfort handling ambiguity, scaling programs, and driving maturity.
Ability to be flexible and work in grey space.
Background and drug screen.

Benefits

Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
12 weeks of Paid Parental Leave
Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.
And SO much more!

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

technology risk managementdisaster recoverysite reliabilityservice continuitycloud environmentsrisk assessmentsdata managementrisk and control self assessmentscybersecurityregulatory compliance

Soft skills

executive-level communicationanalytical abilitycollaborationrelationship managementinfluence without authorityindependence of judgmentmentoringbuilding high-performing teamshandling ambiguityflexibility