Manager II

General Description

This role works closely with the Corporate Security and IT Groups in order to secure information, create, and implement strategies to minimize the variety of risks that could threaten the key information of the Organization. Is responsible to ensure that IT systems are structured in a way that is effective and efficient for the organization. It also involves monitoring and managing the IT systems to ensure they are secure. 

Essential Duties and Responsibilities

•    Develop IT risk strategy, program, and governance frameworks.

•    Develop and support IT and cyber units’ risk and control self-assessments (RCSAs) and support the day-to-day risk management of the IT risk and control environment.

•    Identify issues and support IT and cyber leadership in overseeing issue remediation, including the development and execution of viable issue remediation plans.

•    Support IT and cyber in the managing and monitoring of technology and cyber risk events, including reporting, remediation progress, and escalation to the risk committees and crisis management team, when needed.

•    Oversee the IT and cyber control framework including QA and 2LOD control testing to evaluate the design and effectiveness of individual IT and cyber controls.

•    Evaluate external risk events for potentially emerging risk that may impact IT and cyber. Identify opportunities to proactively address and mitigate emerging technology and cyber risks.

•    Manage IT and cyber second line relationship with regulators and facilitate IT and cyber exams.

•    Represent enterprise risk in IT and Cyber initiatives in providing effective challenge and risk alignment in the design of enterprise technology and cyber programs.

•    Review and provide effective challenge on IT and Cyber Policy, program and standards to ensure alignment with regulatory expectations, risk mitigation and control frameworks.  

•    Lead implementation, change management, and execution of enterprise risk programs for IT and cyber divisions.  

•    Work in partnership with senior management of IT and cyber to define the risk appetite and create Key Risk Indicator (KRI) reporting to monitor key compliance and risk metrics.

•    Ensure appropriate reporting and escalation of KRIs to various committees is performed.

•    Ensure IT and cyber management and employees are aware of and comply with regulations and risk framework requirements, bank policy, department standards and procedures through the development of key measurement and testing strategies.
 

Education

Bachelor’s degree in Technology or Cyber.  Master degree preferred
Certification in Technology or Cyber (e.g. CISA, CISSP, CISM, CRISC)
 

Experience

Overall 15 years of experience minimum, divided as:
•    10 years of experience in IT risk, cyber risk, IT/Cyber control testing, IT Audit, five of those leading teams
•    5 years in role related to technology or cyber operations in the financial industry
•    Practical knowledge of IT and Cyber frameworks, laws and regulations impacting financial institutions (COBIT, NIST, FFIEC IT Handbooks, other)
•    Significant knowledge of IT and cyber processes and controls, working knowledge preferred
 

Other Qualifications

•    Proven ability to partner effectively across all levels of the organizations and develop positive working relationships.
•    Able to manage and execute multiple complex projects within required timeframes.
•    Experience defining and documenting IT policies, standards, and processes. 
•    Ability to analyze and assess the adequacy of IT controls and identify opportunities for reducing risk. 
•    Solid understanding of FFIEC requirements and Risk and Control Self-Assessments (RCSA)
•    Solid understanding of IT risk management and industry best practices. 
•    Excellent verbal and written communication skills with comfort around presenting new ideas and presentations to senior management. 
•    Ability to think critically and logically.  Highly perceptive, inquisitive and methodical. 
•    Proactive self-starter with good people management skills and strong work-ethic.
•    This is a technical role, but also it requires a deep understanding of business risks, critical thinking and presentation skills as this role will present to Senior Leaders and prepare board presentations.
 

Values