
IT Security Risk Management & Governance Executive – SSDLC Risk
USAA
full-time
Location Type: Hybrid
Location: Charlotte • Florida • North Carolina • United States
Salary
💰 $169,880 - $305,780 per year
About the role
- Serve as a key advisor responsible for recognizing and reporting Information Technology (IT) and Information Security (IS) strategic and aggregate risks
- Advance the Enterprise Risk Management function for aggregation, quantification, and qualification of risks
- Set direction for risk management programs within IT/IS and lead all aspects of the delivery of those programs
- Provide risk management and governance leadership, operational direction and operational oversight of Information Security, Business Continuity, Data Center Security, AI and Corporate Investigations domains
- Establish a best-in-class Risk Management framework for the Enterprise Security Group (ESG)
- Ensure comprehensive oversight and management of risks across the full risk taxonomy
- Responsible for the aggregation and reporting of risks to senior leadership
- Assess and influence business decisions and direction
- Contribute to the long-term strategy of risk systems' adaptation and integration
- Ensure effective and appropriate policies, procedures, and controls are in place supporting all risk processes, systems, strategies and implementations
- Establish trust and rapport with senior business leaders across the enterprise
- Actively engage line of business leaders to address all risks consistent with policy
- Partner with senior risk executives in managing risk appetite
- Influence and set strategy for advancement of risk management framework
- Provide advice to key business partners on risk and reward assessments
Requirements
- Bachelor’s degree; OR 4 years of related experience may be substituted in lieu of degree
- 10+ years of risk management, regulatory or operations experience in a functional area such as insurance, banking, or financial services
- 5+ years focused on Information Security, Business Continuity, Physical Security or Corporate Investigations
- 4+ years of people leadership experience in building, managing and/or developing high-performing teams
- Industry certification(s) in Information Security (e.g., CISSP, CISM) or Business Continuity (e.g., ABCP, CBCP) or Risk Management (e.g., CRISC) or Physical Security (e.g., CPP)
- Demonstrated experience working with and applying Risk, Security or Audit frameworks (FFIEC, COBIT, COSO, ISO 27001/2, NIST 800-53, SSAE16)
- Knowledge of applicable laws, rules, and regulations applicable to financial institutions
- Experience making data-driven decisions
- Experience working with external agencies and regulators
- Broad knowledge of information technology systems and general system development principles
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
risk management, information security, business continuity, data center security, corporate investigations, risk frameworks, data-driven decision making, regulatory compliance, audit frameworks, system development principles
Soft Skills
leadership, strategic thinking, communication, relationship building, influencing, operational oversight, trust establishment, collaboration, advisory skills, engagement
Certifications
CISSP, CISM, ABCP, CBCP, CRISC, CPP