This role functions with a moderate level of autonomy, leveraging team peer connections, support from Risk Specialists and more senior members in the oversight of the Technology division regarding risk management. The functions of this role are primarily focused on a proactive risk management activities for assigned areas within the Technology division; serving as subject matter expert in gathering evidence, analyzing information, and documentation while providing oversight, effective challenge, assessment and/or advisory services. This will be accomplished through documenting engagement activities, areas of concern, and measuring the potential risk to the organization as it relates to the organizations risk appetite. This may include issuance of findings, review of remediation plans and validation of closure evidence.
Primary Responsibilities:Appropriate management of the Technology risk activities (findings/validations, remediation plans/updates, closure and closure validation).Execute independent/annual Targeted Review(s); planning, execution and reporting of detailed fieldwork regarding high/medium-high risk areas within the Technology/Cybersecurity division.Assist with oversight of Technology Risk Control Self Assessments (RCSAs) and other risk management reporting; this includes gap and delta assessments.Engage with assigned oversight areas; understanding the technology, overseeing and advising project/product work prior to implementation leveraging past experience and expertise, risk management practices, existing risk register and validation of controls.Identify and assess emerging risks and risks associated with new products/ services/ markets/ channels or changes to existing products/ services/ markets/ channels.Responsible for fieldwork (analysis, investigations, incidents, KRI/KPI metrics breaches, etc.) where some of this may be supported by team Risk Specialists.Participate in audits and in-depth reviews of Technology business line efforts and risk management activities.Adhere to applicable operational risk controls in accordance with Company or regulatory standards and policies and standards.Leverage existing hands on experience in Technology roles and knowledge of industry frameworks utilized by the by the organization such as FFIEC AIO, ITIL, and/or SDLC to provide guidance and build trusted partnerships with internal staff and third parties.Develop and analyze Technology metrics (KRIs, KPIs)Supervisory/Managerial Responsibilities:No direct management but may provide guidance to analysts and specialists.
Education and Experience Required:Bachelor’s degree and six years' experience in compliance, legal, audit, risk or other relevant function,
OR in lieu of degree,
A combined minimum ten years’ higher education and/or work experience including six years’ experience in compliance, legal, audit, risk or other relevant function.
Proficient computer skills (including spreadsheet and word processing software), analytical skills, working knowledge of applicable laws, written and verbal communications w/ all levels.