Technology and Information Security Risk Specialist

IDBNY

$160K — $180K *
Finance & Insurance
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in technology infrastructure, information security, or cyber risk, preferably in a regulated financial setting.
  • Bachelor's degree in a related technical or risk discipline is preferred.
  • Strong understanding of technology, cybersecurity, and regulatory frameworks (e.g., NIST, NYDFS Part 500).
  • Proven skills in risk assessments, control reviews, and governance across all risk lines.
  • Ability to connect technology risk themes to enterprise risk management processes.
  • Experience with governance, risk, and compliance (GRC) tools and project management.
  • Preferred certifications include CISSP, CISM, CISA, CRISC, or CEH.

Responsibilities

  • Provide independent oversight and continuous monitoring of IT risk programs.
  • Lead the conduct of risk assessments and control reviews for technology-related functions.
  • Enhance the Second Line framework for technology and information security risk.
  • Identify and report risks associated with new projects and emerging technologies.
  • Prepare materials for management, audits, and regulatory discussions.
  • Engage with various stakeholders while ensuring Second Line independence.
  • Support risk awareness training and produce clear reports on findings.

Benefits

  • Eligibility for annual bonus and wide-ranging health insurance plans (medical, dental, vision).
  • Access to life and disability insurance and an employee wellness program.
  • Generous holiday and paid time off policies, including parental leave.
  • Retirement and savings plans with employer contributions.
  • Tuition reimbursement for continued education.
Full Job Description
Technology and Information Security Risk Specialist Vice President | Second Line of Defense Position Summary The Technology and Information Security Risk Specialist provides independent Second Line oversight of the Bank's technology infrastructure, information security, and cyber risk programs. The role evaluates whether risks are appropriately identified, assessed, escalated, reported, and remediated through a practical, connected, and risk-based approach. This position strengthens the Bank's risk posture by providing effective review and challenge, supporting risk assessments and control reviews, and connecting technology and information security risk themes to operational risk, vendor risk, change management, resilience, data management, and broader ERM processes. The role requires technical credibility, sound judgment, strong communication skills, and the ability to work effectively with First Line teams, senior leaders, auditors, regulators, Head Office, and executive stakeholders while maintaining Second Line independence. Core Responsibilities - Second Line Oversight and Challenge - Provide independent oversight, ongoing monitoring, and effective challenge of First Line technology infrastructure, information security, and cyber risk programs, including governance, controls, execution, reporting, and residual risk. Compensation The expected annual salary for this position is between $160,000 and $180,000 at the start of employment. A salary offer is determined on an individualized basis, taking into consideration factors such as an individual's skills and experience. In addition to base salary, our total rewards package also includes eligibility for an annual bonus, medical, pharmacy, dental, and vision plans, life and disability insurance, employee wellness program, retirement and savings plans with employer contributions, generous holiday and paid time off schedules, parental leave, and tuition reimbursement. - Risk Assessments and Control Reviews - Lead and review risk assessments, RCSAs, control testing, issues, remediation plans, KRIs/KPIs, policies, procedures, evidence, and supporting analysis. - Framework and Program Connectivity - Develop and enhance the Second Line framework for technology and information security risk and assess connectivity to operational risk, vendor risk, change management, resilience, data management, and enterprise controls. - Project, Change, and Emerging Technology Risk - Identify, assess, and report risks related to significant projects, new activities, vendor relationships, control changes, AI, automation, and other emerging technologies. - Reporting and Enterprise Risk Support - Develop KRIs/KPIs, prepare clear materials for management, committee, audit, board, and regulatory discussions, and provide input for ICAAP, risk appetite, risk profile assessments, and ERM routines. - Stakeholder Engagement - Coordinate with audit, regulators, Head Office, First Line technology and security teams, the CISO function, IT Operations Risk, Vendor Management, business lines, and executive stakeholders while maintaining Second Line independence. - Training and Work Product - Support targeted risk awareness efforts and produce clear, defensible work that connects facts, risks, controls, dependencies, and conclusions. Qualifications - Experience and Education - 10+ years in technology infrastructure, information security, cyber risk, IT controls, or related oversight functions, preferably within a regulated financial institution; bachelor's degree in a related technical or risk discipline preferred. - Technical and Regulatory Knowledge - Strong knowledge of technology, cybersecurity, and control environments, including cloud, applications, infrastructure, access management, resilience, NIST, NYDFS Part 500, FFIEC guidance, and related risk expectations. - Risk Assessment and Oversight - Skilled in risk assessments, control reviews, issue management, remediation tracking, risk reporting, governance routines, and effective challenge across First, Second, and Third Line stakeholders. - Enterprise and Emerging Risk Connectivity - Ability to connect technology and information security risk themes to ERM processes, including ICAAP, risk appetite, risk profile assessments, enterprise reporting, AI, automation, and other emerging technology risks. - Execution and Tools - Experience using GRC tools and managing technology or security-related projects, technical teams, and cross-functional workstreams with clear ownership, deadlines, reporting, and follow-through. - Communication and Judgment - Strong analytical, writing, documentation, executive communication, professional judgment, independence, and ability to produce clear, defensible work for senior management, committee, audit, or regulatory review. - Preferred Certifications - CISSP, CISM, CISA, CRISC, CEH, or equivalent certifications are strongly preferred. Reporting Structure - Reporting Line - Reports to the Head of Risk Strategy and Supervisory Oversight. - Key Partners - Partners with Risk, IT, Information Security, Compliance, Audit, Operations, Vendor Management, Head Office, and business stakeholders. - Role Focus - Provides independent 2LOD oversight, supports effective review and challenge, and connects technology and information security risk considerations to the Bank's broader risk framework All your information will be kept confidential according to EEO guidelines. We are operating on a Hybrid schedule.NO AGENCIES PLEASE. Kindly review our Privacy Notice and GLBA Consumer Privacy Notice.

Similar Jobs

More Jobs at IDBNY

  • FX Specialist
    $90K — $105K *
    New York, NY 10025 (New York County)
    Finance & Insurance
    In-Person
  • Credit Risk Analytics & Modeling
    $210K — $240K *
    New York, NY 10025 (New York County)
    Finance & Insurance
    In-Person

More Finance & Insurance Jobs

Find similar Technology and Information Security Risk Specialist jobs: