Sr Manager

General Description

We are seeking an experienced and strategic leader to oversee Popular’s IT and Cyber Risk Governance and Assurance within the second line of defense (2LoD). In this role, you will help shape and strengthen enterprise-wide risk oversight by leading independent testing programs, enhancing governance frameworks, and supporting regulatory readiness across IT and Cyber domains.

This is a highly visible role for a leader who enjoys influencing at the executive level, building strong partnerships, and driving meaningful improvements in risk management. You will serve as a trusted advisor to senior leadership, providing independent challenge, practical insights, and strategic guidance to help ensure risks are identified, measured, monitored, and mitigated effectively.

Essential Duties and Responsibilities

• Lead the design and execution of an enterprise-wide IT and Cyber risk testing program, ensuring an independent assessment of control design and effectiveness across the organization.
• Establish and oversee risk governance frameworks, including policies, standards, and control structures for IT and Cyber risk.
• Own and govern the Application Risk Classification methodology, ensuring consistent risk tiering across the organization’s applications and alignment with risk-based decision-making.
• Serve as a trusted second line of defense advisor to business and technology leaders, helping guide risk-informed decisions related to initiatives, control implementations, and risk acceptances.
• Partner closely with first line of defense teams to strengthen control environments, identify gaps, and support effective remediation strategies.
• Lead regulatory exam readiness and response efforts, coordinating with regulators such as the FRB and NYDFS, as well as external auditors, to ensure high-quality deliverables and consistent risk messaging.
• Oversee risk remediation and issue management, ensuring timely resolution of findings from regulatory exams, audits, and internal assessments.
• Develop and maintain Key Risk Indicators (KRIs), dashboards, and reporting to provide visibility into risk exposure and trends to senior management and committees.
• Participate in and contribute to enterprise governance forums and risk committees, including IT & Cyber Risk Committee, the Enterprise Risk Management Committee and Board-level Risk Management Committee, among others.
• Oversee third-party risk and vendor assessments, including critical vendor oversight and incident response coordination.
• Lead the evolution of enterprise risk processes and tools, including automation initiatives (e.g., workflow digitization).
• Lead and cultivate a high-performing technical team, setting a tone of accountability, engagement, transparent communication, continuous improvement, and sustained professional development.
• Manage budget, including third-party consulting and resource planning, ensuring efficient use of resources aligned with strategic priorities.
• Develop and support the IT & Cyber units’ Risk and Control Self-Assessments (RCSAs)
• Review and provide effective challenge on IT & Cyber related policies, standards, and programs to ensure alignment with regulatory expectations, risk mitigation strategies and control frameworks.

Education

• Bachelor’s degree in Computer Science, Engineering, Information Systems, Cybersecurity, or related field required.
• Master’s degree or relevant certifications (e.g., CISSP, CISM, CRISC) preferred.

Experience

• 10+ years of experience in IT Risk, Cyber Risk, Information Security, or related functions within complex organizations.
• Demonstrated experience operating within risk management frameworks (2LoD preferred).
• Practical knowledge of IT and Cyber frameworks, laws, regulations impacting financial institutions (e.g., COBIT, NIST, FFIEC, CRI, and others)
• Strong expertise in IT and Cyber control environments, including:
  • SDLC, Change Management, and IT Operations
  • Identity and Access Management
  • Backup, High Availability, and Disaster Recovery
  • Vulnerability Management and security testing tools (e.g., SAST, DAST)
  • Proven experience designing and executing risk-based testing or assurance programs.
  • Experience interacting with regulators and external auditors in highly regulated environments.
  • Strong background in risk governance, policy and standards management, and control frameworks.
  • Experience supporting or leading large-scale regulatory exams or audits.
  • Demonstrated ability to lead complex initiatives and influence senior stakeholders.
  • Experience managing teams and scaling functions in high-growth or evolving environments.

Other Qualifications

• Ability to translate complex technical risk topics into clear business insights for executive audiences.
• Advanced analytical and problem-solving skills, with the ability to evaluate complex risk scenarios and make sound recommendations.
• Executive presence and ability to interact effectively with senior leadership and regulatory bodies.
• Bilingual (English and Spanish), with excellent verbal and written communication skills.
• Strong organizational and prioritization skills, with the ability to manage multiple high-impact initiatives simultaneously.
• Strong sense of accountability, adaptability, and the ability to perform effectively in a fast-paced environment.
• Proven ability to challenge constructively and influence decisions across the organization.
• Demonstrated ability to lead cross-functional teams in hybrid environments, fostering alignment, collaboration, and clear communication across diverse stakeholders.
• Proven ability to build trust, strengthen team engagement, and foster an inclusive culture through thoughtful leadership, coaching, and talent development.
• Exceptional interpersonal and communication skills, with the ability to influence constructively, align stakeholders, and advance shared priorities across the organization.
   

Region Locations

Popular Center, 011

San Juan, Puerto Rico