OverviewPOSITION SUMMARYThis role will work directly under the Head of Operational Risk and will be responsible for supporting the identification, measurement, monitoring, and management of technology-related operational risks across the organization. The individual will partner closely with Information Security, IT, Privacy, Data Protection, Business Continuity, and other key stakeholders to strengthen the organization's IT operational risk management framework.
The AVP, IT Operational Risk will play a key role in developing risk assessment methodologies, enhancing reporting, supporting risk assessments, coordinating with Information Security GRC on risk and control libraries, and helping ensure technology risks, control gaps, remediation activities, and emerging risks are appropriately identified, documented, tracked, and escalated.
RESPONSIBILITIES:- Identify, assess, monitor, and report on technology-related operational risks across the organization, including information security, privacy, data protection, business continuity, AI, and emerging technology risks.
- Partner with IT, Information Security, Privacy, Data Protection, Compliance, Legal, Internal Audit, Business Continuity, and business stakeholders to identify risks, evaluate control effectiveness, and address control gaps.
- Conduct and facilitate technology and operational risk assessments, identifying risk themes, emerging risks, and opportunities to strengthen the control environment.
- Support the development, implementation, and continuous improvement of the firm's technology operational risk management framework, including risk taxonomies, control libraries, assessment methodologies, documentation standards, and governance processes.
- Collaborate with the Information Security GRC team to align risk assessments, risk and control libraries, and Risk and Control Self-Assessments (RCSAs), while leveraging outputs from Internal Audit and other assurance functions.
- Support the administration and ongoing enhancement of the Optro GRC platform and promote consistent risk documentation, reporting, and governance practices.
- Develop dashboards, key risk indicators (KRIs), metrics, and reporting to communicate technology risks, remediation activities, control effectiveness, and emerging risk trends to senior management and governance committees.
- Translate complex technical risks into clear, actionable business risk reporting for executive and non-technical audiences.
- Support privacy and data protection initiatives by documenting operational risks, participating in privacy risk assessments, evaluating processing activities, assessing third-party risks, tracking remediation efforts, and contributing to incident response activities.
- Partner with Data Protection teams to evaluate control gaps, perform operational risk gap analyses, and document, monitor, and report remediation activities.
- Support business continuity and operational resilience initiatives, including Business Impact Analyses (BIAs), identification of critical business processes and technology dependencies, assessment of technology recovery risks, and development of mitigation strategies.
- Contribute to the development and execution of AI governance and emerging technology risk management practices by participating in risk assessments, control design, monitoring activities, issue management, and governance processes.
- Track remediation plans, control deficiencies, risk mitigation activities, and action items, following up with risk owners to ensure timely resolution and appropriate escalation of significant or overdue issues.
- Support alignment of technology operational risk activities with regulatory requirements, industry standards, and internal policies by monitoring regulatory developments and assessing their impact on the organization's risk management practices.
- Build strong cross-functional relationships and serve as a trusted risk partner, promoting a proactive risk culture and effectively communicating technology risk strategies, findings, and recommendations across the organization.
QUALIFICATIONS:- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Risk Management, Business, or a related field; Master's degree preferred.
- 5+ years of experience in IT Operational Risk, Technology Risk, Information Security GRC, IT Audit, Enterprise Risk, or a related governance, risk, or compliance function.
- Strong knowledge of technology risk, operational risk, information security, privacy, data protection, business continuity, and risk management frameworks.
- Experience conducting risk and control assessments, managing remediation activities, developing KRIs and reporting, and supporting governance processes.
- Experience partnering with IT, Information Security, Compliance, Privacy, Legal, Internal Audit, and business stakeholders in a cross-functional environment.
- Familiarity with enterprise GRC platforms (Optro preferred) and industry frameworks such as NIST, COBIT, ISO 27001, or FFIEC.
- Experience in financial services or another highly regulated industry preferred.
- Experience supporting AI governance, emerging technology risk, or third-party technology risk preferred.
- Excellent analytical, communication, and stakeholder management skills with the ability to translate technical risks into business-focused recommendations.
CERTIFICATIONS, LICENSES, AND/OR REGISTRATIONCRISC, CISA, CISM, CISSP, CIPM/CIPP(US) or similar certifications preferred
LOCATION AND COMPENSATION:This is a hybrid position, with 3 days on-site (Tues - Thurs) and 2 days work from home.
Our preference is for the position to be in Bayview's Coral Gables FL location but if relevant candidate is found outside of that market we may be amenable.
Compensation is competitive and commensurate with experience, including a base salary, performance-based bonus, and comprehensive benefits package.
PHYSICAL DEMANDS AND WORK ENVIRONMENTThe physical demands described here reflect those necessary for effective job performance:
- Regularly required to sit and use hands to handle or feel objects, tools, or controls; frequently required to talk and hear.
- Noise level in the work environment is typically moderate.
- Occasionally required to stand, walk, and reach with hands and arms; rarely required to stoop, kneel, crouch, or crawl.
- Must be able to lift/move up to 10 pounds.
- Required vision abilities include close vision, color vision, and the ability to adjust focus.
Reasonable accommodations may be made for individuals with disabilities to perform essential job functions.