About the position
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. The role will contribute to the implementation of the U.S. Cyber and IT Risk Management Framework across the second line of defense. The framework encompasses oversight, reporting, governance, communications, and education. As part of the second line of defense for businesses in the United States, IT Risk provides independent oversight and challenge as well as assists in the development of the methodologies, policies, process, and tools to support the U.S. Cyber and IT Risk Management Framework. Contributes to the overall success of Cyber and IT Risk Management in the United States, ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team's business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
Responsibilities
- Maintains the U.S. Cyber and IT Risk Management Framework and best practices within the Bank while acting as a center of excellence for IT and Cyber Risk in the U.S.
- Collaborates with the lines of business by acting in a consultative capacity to advise on IT risks that influence their business and ability to meet established strategic objectives, while maintaining oversight and objective challenge.
- Challenges the IT Risk components of the first line in the Risk & Control Self-Assessment (RCSA) process for the U.S., covering Legal Entities, Processes and Business Lines.
- Challenges investigation of IT Incidents to define root causes and provides input into remediation actions.
- Performs Deep Dives to assess the effectiveness of controls surrounding key processes, and to identify remediation for gaps to actively and demonstrably mitigate IT risks.
- Challenges IT risks within scenario analysis.
- Monitors Cyber security risks and the controls in place within the bank, as well as external Cyber security reporting which may impact the bank.
- Monitors compliance with IT Risk Policies, Standards and Guidelines.
- Prepares and coordinates monthly U.S. Information Risk Working Group meetings.
- Prepares monthly and quarterly IT and Cyber Risk reporting for U.S. committees and senior management.
Requirements
- Strong expertise in IT Risk Management (e.g. Logical Access, Data Leakage, Disaster Recovery)
- Experience with Cybersecurity Risk Management is preferred
- A minimum of 7 years of experience in technology departments and/or risk management, preferably in a financial institution
- Industry certifications desirable (e.g., ISACA CRISC)
- Advanced knowledge of relevant regulatory rules (FFIEC, NYDFS 500) and frameworks (NIST, COBIT) is preferred
Benefits
- Flexible benefit programs designed to support unique family, financial, physical, mental, and social health needs.
A Smarter and Faster Way to Build Your Resume