Cyber Security Engineer
VetsEZ
CloudCyber Security
Managing Director, IT – Infrastructure Risk Lead
Webster Bank
full-time
Posted on:
Origin: • 🇺🇸 United States
Visit company websiteSalary
💰 $180,000 - $225,000 per year
Job Level
Senior
Tech Stack
CloudCyber SecurityPMPSDLC
About the role
- Oversee and strengthen the bank’s technology and infrastructure control environment.
- Lead a high-performing team of technology risk professionals and serve as a risk partner to leadership over Infrastructure, Project Management, and Architecture.
- Ensure technology risks are proactively identified, assessed, and mitigated across the enterprise.
- Build and maintain a comprehensive control inventory with traceability to risks, regulatory requirements, and internal policies.
- Enhance and lead the Risk and Control Self-Assessment (RCSA) program across Front Line Units (FLUs).
- Provide risk partnership for technology processes including cloud security and configuration, asset management, secure SDLC, patch management, incident and problem management, capacity planning, database management, identity and access management, and DevSecOps practices.
- Drive early identification of control issues, lead root cause analysis, and oversee development and execution of remediation plans.
- Partner with Enterprise Architecture and Project Management Office to integrate risk into SDLC tollgates and promote “shift left” practices (IaC, secure CI/CD, patch management).
- Perform risk evaluations of material changes in infrastructure, cloud, and networking; engage with cloud operations to secure new services and configurations.
- Evaluate risk impact of incidents and provide governance and oversight of patch management programs.
- Develop and deliver executive-level reporting on risk trends, control effectiveness, and remediation status.
- Support internal audits and regulatory examinations; act as liaison with regulators and ensure compliance with applicable regulations and banking standards.
- Lead continuous improvement of the overall risk and control environment to adapt to regulatory and operational changes.
Requirements
- High school diploma or GED required.
- Bachelor’s degree in Technology, Risk Management, or a related field, preferred.
- Advanced degree and/or risk certifications preferred (CISA, CISSP, CCSP, PMP, etc.).
- 10+ years of experience in risk management, operational risk, or internal audit within the banking or financial services industry.
- Substantial experience in leading RCSA, internal audit, or similar assessment/testing programs.
- At least 5 years in a senior leadership role.
- 10+ years of experience in technology risk, operational risk, information security, or audit in a regulated financial or technology-driven environment.
- Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
- Strong familiarity with software-defined networks, cloud security posture management, zero trust network principals, and cloud access security brokers.
- Deep understanding of technology risk frameworks for infrastructure, cloud, cybersecurity, service management, and delivery (e.g., NIST, ISO, FFIEC), CRI/CRI Profile, and risk rating methodologies.
- Experience with cloud operations, Infrastructure as Code (IaC), enterprise architecture, asset management, change management, database management, identity and access management, configuration management, network security, capacity management and FinOps, problem and incident management, agile software delivery, DevSecOps, and project management.
- Proven experience interfacing with regulators (e.g., OCC, FRB, SEC) and audit functions.
- Exceptional written and verbal communication, influencing, and negotiation skills at senior executive levels.
- Ability to translate complex technical risks into clear business language.
- Experience managing high-performing risk or compliance teams.
- Strong judgment, discretion, and an ability to operate in fast-paced, ambiguous environments.
- Strategic thinker with a practical orientation toward execution and results.
