$150K - $200K (Ladders Estimates)
A Technology Senior Risk Manager (SRM) is responsible, along with business unit management, for overseeing and managing all aspects of risk and for assessing, on an ongoing basis, the material risks associated with the business unit's activities, determining whether actions need to be taken to strengthen risk management or reduce risk given performance against the business unit's risk profile and tolerances.
• Responsible for issue management including partnering with business leaders to develop action plans that will deliver intended outcomes within defined timelines while identifying themes and related holistic remediation plans.
• Provides day to day support to the business unit(s) providing knowledge and expertise on the appropriate implementation of Regulations, Rules and industry standards through procedures, other guidelines, and industry best practices.
• Performs detailed risk assessments and advises the business lines on risk mitigation actions.
• Responsible for facilitating risk and control self-assessments with the technology business lines.
• Provides regulatory expertise and solutions on complex risk and compliance issues based upon understanding of business unit's activities and products.
• Advises on new processes / products, initiatives and strategies from a risk and control perspective; guides the business unit(s) through the various governance approvals related to new initiatives, ensuring proper controls.
• Acts as lead for exams of the product / function under review. Participates in all important interactions with the regulators.
• Leads teams on risk and product related initiatives to meet corporate, divisional and business line objectives.
The SRM will establish and maintain an effective business relationship with business partners, key project stakeholders, Second Line of Defense and subject matter experts to advise and support the Business Control Officer (BCO).
• 7+ years of experience in Information Technology, Information Security and/or Business Continuity
• 7+ years of Risk management experience gained from working in financial services industry, preferably in Technology Risk or Operational Risk
• Experience in an organization that is under strong regulatory oversight and scrutiny
• Intermediate knowledge of internal controls and risk self-assessment
• Basic knowledge of business area processes and/or products and operations; regulatory requirements; and key processes, controls and exposure areas
• Understanding of FFIEC guidelines and handbooks, GLBA, SOX, PCI
• Knowledge of industry-recognized frameworks such as ISO 27001, ISO 20000, ISO 9001, ISO 31000, ISO 22301, COBIT, COSO, ITIL
• Ability to analyze and synthesize many risk data points and help the business to prioritize mitigation
• Analytical thinking skills
• Strong business writing skills
• Ability to effectively communicate with all levels of the organization
• Project management skills to support multiple assignments on behalf of various stakeholders
• Leadership, coaching and development of staff
• Proficient use of Microsoft Office Suite
• Bachelor's degree required
• Master's Degree preferred
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified Internal Auditor (CIA)
• Technology discipline certification such as CCNA, MCSE, RHCE
• Certified Fraud Examiner (CFE)
Valid Through: 2019-9-20