Information Technology / Operational Risk


New York, NY

Industry: Financial Services


11 - 15 years

Posted 384 days ago

This job is no longer available.


This role will have accountability for risk management within the cross functional groups of the Enterprise CIO organization focusing on Platform Services, Enterprise Architecture, and Core Services as First Line of Defense. The environment continues to be one of heightened standards, raised risk consciousness and regulatory requirements. The model through which team members deliver risk programs and oversight is evolving. This role is created in alignment with the new comprehensive First Line of Defense risk structure for Enterprise Information Technology. As the first line of defense, this role assures real risk reduction within the divisions, consistent with the Firms Vision & Values and risk appetite.

The EIT Divisional Risk Manager will lead the planning and execution of critical risk functions, in alignment with the Corporate Risk Model and EIT Risk Target Operating Model.


· Develop, implement and support a TechnologyRisk Framework in alignment with the Risk Management Framework

· Document risk(s) within established and new line of business products/services and shared services IT processes/products/services

· Evaluate risks and prioritize risks and remediation work

Identify & Assess :

· Conduct and supportrisk assessments that evaluate the technology application/infrastructure environment and estimate the level and trends of inherent risk, determine the effectiveness of associated controls and the level and trends of residual risk

· Be proactive identifying risks within the divisions and across internal and external events

Control & Mitigate:

· Design and implement effective and proactive action plans that appropriately mitigate risks in a sustainable manner and define Key Risk Indicators to track impact

· Operate controls in an effective manner to mitigate risks and deliver IT value

· Execute the related compliance process (e.g. Audits, CICATs, SOX) and IT Policy Management & Exceptions

Monitor & Report:

· Monitor controls to identify gaps and prevent, correct, detect operational risk issues

· Identify, measure, monitor, support and complete EIT risk management training, communication, and outreach programs

· Integrate continuous improvement with metrics and monitoring

· Support Virtuous Circle of risk management

Review and Verification:

· Assuring strategic and foundational risk attributes are comprehensively included in pre, during and post analysis

· Ongoing reviews to identify anomalies, exceptions and outliers that could lead to additional riskevents

· Verifying risk management standards, requirements and documented risk reduction attributes are applied


Required Qualifications:

· 10+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 10+ years of IT systems security, business process management or financial services industry experience, of which 6+ years must include direct experience in compliance, operational risk management, or a combination of both

· 7+ years of management experience

Other Desired Qualifications:

· 10 + years of leadership within Consumer Banking in a large financial services organization or service provider that implemented these services for financial services organizations, both domestic and international

· 10+ of experiencesupporting SOX/SOC, Regulatory Exams (Domestic and Int’l), Audits and othertechnology control related assessments

· 7+ years of management experience with risk control frameworks (NIST, FFEIC, COBIT, ITIL,COSO)

· Certifications that support business or risk related knowledge/experience (FINRA, PMP, CRISC, CFE, CISSP, CIA, etc...)

· Broad and significant knowledge of technology with emphasis on development operations, SDLC, problem and incident management, configuration management, application infrastructure services (e.g. middleware), platform management, information securityarchitecture, identity and access management, enterprise

architecture, cloud, third party hosted solutions, application risk assessments, information management, enterprise data, CRM services, and books and records.

· Senior risk professional with proven “c” level communication skill set

· Advanced Microsoft Office skills

· Excellent verbal, written, and interpersonal communication skills

· Strong analytical skills with high attention to detail and accuracy

· Ability to articulate complex concepts in a clear and concise manner

· Experience in multiple areas of regulatory compliance, including risks and issues related to consumer protection and general banking regulations of the OCC, FRB, CFPB, FINRA and other federal, state and local regulations and laws.

· Proven ability and prior experience in generating a business value proposition and justification for risk consideration and input at new product & service inception

· Demonstrated “enabler” philosophical approach to risk management that “gets to yes” with real solutions that meet all stakeholder requirements

· Proven prior experience in comprehensive risk ownership and accountability for the risk profile positioning

· Track record of providing constructive challenge with appropriate issue escalation and offering solution

· Strong ability and experienceworking with and collaborating with leaders and team members at all levels and across functional lines.

· Demonstrated experience in building, leading, developing and retaining a team of managers, strong technical experts and high performing professionals in geographically disbursed environments