Position Summary: The Manager, Enterprise Risk Management (Technology Risk) will be involved in all aspects of the enterprise-wide risk management program, with a particular focus on Technology Risk Management. This role will support in executing the organization’s ERM Framework, as well as facilitate interfacing with functional units to establish and communicate risk management methodology, processes, risk appetite and risk culture.
This role will support leadership during a period of rapid organizational change and industry advancement, as well as technical efforts such increasing use of the cloud, artificial intelligence, new, and emerging technologies. The role will ensure that the company appropriately prioritizes, manages and monitors risk by collaborating with several departments and defining risk ownership. A successful candidate will contribute to the Technology Risk Management program by offering knowledge over information technology guidelines, procedures, processes, controls, reporting and leading practices.
Qualifications Required
- Bachelor’s degree in finance, business or technology-related field
- 5-7 years of practical experience in operational technology risk, internal control and compliance, in the financial services industry, supporting enterprise-wide functions and projects, and multi-tasking on projects with competing priorities
- Applied knowledge over Information Technology operational business processes and industry best practices including areas such as IAM, SDLC, Computer Operations, Security and Vulnerability Management
- Knowledge of Information Technology Systems, Networks and Cloud, e.g. experience with AWS, MS365, or Azure
- Ability to understand management objectives, risk appetite, tolerances and impact of changes to risk profiles
- Excellent aptitude for modern IT Risk & Compliance concepts and methodologies
- Understanding of the financial regulatory environment for the banking and payment systems industry
- Experience in IT governance and controls, including governance and control frameworks, such as NIST, CIS, COBIT, ITIL, FFIEC, COSO or equivalents
- Maintain current knowledge of new regulations and emerging industry and technology risks such as AI, Quantum Computing and report potential and/or actual impact to enterprise impact
- Ability to work independently and proactively; innovative, resourceful, results oriented, with appropriate judgment
Qualifications Desired
- Knowledge of IT risk, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis
- Experience with new technology trends relating to enterprise level cloud-based development, deployment, and assessment, including PaaS, IaaS, and SaaS
- Understanding of AI governance and associated risks is preferred. Technical certifications such as CISA, CRISC, CGEIT, CCSP, CCSK, SANS SEC545, CISSP, GIAC, CISM, or equivalents are preferred
- Risk Management related certifications such as ISO-31000 are preferred
- RSA Archer or other GRC experience
- MBA preferred in Finance, Business or technology-related field preferred
Essential Functions And Responsibilities
- The ERM Manager role is a critical member of the Risk Office and is responsible to contribute towards the design, development, implementation and execution of the ERM Framework to establish an effective risk-based system to identify, measure, monitor, and control enterprise-wide risks
- Build, maintain and enhance business relations with department and business stakeholders for the smooth implementation of risk management activities across the organization
- Support the Director of Enterprise Risk Management (Technology Risk) in implementing Risk Office goals for TCH
- Monitor and analyze risks within the company's business units
- Identify specific tech risk observations and work with affected parties to classify and address the risk issues
- Identify, understand and assess Information and Technology risks associated with the operational processes
- Partner with Information Security in aspects associated with the 2nd line review and challenge of the Information and Technology framework of the organization
- Apply sound judgment in evaluating risks and controls; effectively challenge IT leads on the identification and acceptance of risks and the adequacy of controls
- Perform risk assessments to identify current and emerging key risks (operational, technology, etc.)
Success Factors/job Competencies
- Effectively multi-task across tactical and strategic deliverables in an organized manner
- Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical, verbal and writing skills
- Create and maintain relationships with risk owners
- Continue to automate the TCH Risk Framework elements
- Motivated to learn new technologies and identify process improvements and efficiencies
Physical demands and work environment: Work is generally sedentary in nature but may require standing and walking. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available. Travel may be required.
Employees will report to the office two to three days each week. Onsite work requirements may change at any time.
The anticipated annual salary range for NY-based candidates for this position is $135,000-$150,000. Base salary and position level will be determined by the role, experience, skill set and location. For eligible positions, discretionary incentive compensation may be awarded contingent on personal and company performance. Our benefits program includes medical, dental, vision, life insurance, 401k plan with company contribution and company match, tuition reimbursement and more.