Broadgate are excited to be partnering with a growing finance Financial institution who are looking for an ERM Manager (Technology Risk)
The Manager, Enterprise Risk Management (Technology Risk) will be involved in all aspects of the enterprise-wide risk management program, with a particular focus on Technology Risk Management. This role will support in executing the organization’s ERM Framework, as well as facilitate interfacing with functional units to establish and communicate risk management methodology, processes, risk appetite and risk culture. This role will support leadership during a period of rapid organizational change and industry advancement, as well as technical efforts such increasing use of the cloud, artificial intelligence, new, and emerging technologies. The role will ensure that the company appropriately prioritizes, manages and monitors risk by collaborating with several departments and defining risk ownership.
Qualifications Required:
• Bachelor’s degree in finance, business or technology-related field
• 5-7 years of practical experience in operational technology risk, internal control and compliance, in the financial services industry, supporting enterprise-wide functions and projects, and multi-tasking on projects with competing priorities
• Applied knowledge over Information Technology operational business processes and industry best practices including areas such as IAM, SDLC, Computer Operations, Security and Vulnerability Management
• Knowledge of Information Technology Systems, Networks and Cloud, e.g. experience with AWS, MS365, or Azure
• Ability to understand management objectives, risk appetite, tolerances and impact of changes to risk profiles
• Excellent aptitude for modern IT Risk & Compliance concepts and methodologies
• Understanding of the financial regulatory environment for the banking and payment systems industry
• Experience in IT governance and controls, including governance and control frameworks, such as NIST, CIS, COBIT, ITIL, FFIEC, COSO or equivalents
• Maintain current knowledge of new regulations and emerging industry and technology risks such as AI, Quantum Computing and report potential and/or actual impact to enterprise impact • Ability to work independently and proactively; innovative, resourceful, results oriented, with appropriate judgment
Qualifications desired:
• Knowledge of IT risk, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis
• Experience with new technology trends relating to enterprise level cloud-based development, deployment, and assessment, including PaaS, IaaS, and SaaS
• Understanding of AI governance and associated risks is preferred. Technical certifications such as CISA, CRISC, CGEIT, CCSP, CCSK, SANS SEC545, CISSP, GIAC, CISM, or equivalents are preferred
• Risk Management related certifications such as ISO-31000 are preferred • RSA Archer or other GRC experience
• MBA preferred in Finance, Business or technology-related field preferred Essential Functions and
Responsibilities:
• The ERM Manager role is a critical member of the Risk Office and is responsible to contribute towards the design, development, implementation and execution of the ERM Framework to establish an effective risk-based system to identify, measure, monitor, and control enterprise-wide risks
• Build, maintain and enhance business relations with department and business stakeholders for the smooth implementation of risk management activities across the organization
• Support the Director of Enterprise Risk Management (Technology Risk) in implementing Risk Office goals for the firm
• Monitor and analyze risks within the company's business units
• Identify specific tech risk observations and work with affected parties to classify and address the risk issues
• Identify, understand and assess Information and Technology risks associated with the operational processes
• Partner with Information Security in aspects associated with the 2nd line review and challenge of the Information and Technology framework of the organization
• Apply sound judgment in evaluating risks and controls; effectively challenge IT leads on the identification and acceptance of risks and the adequacy of controls
• Perform risk assessments to identify current and emerging key risks (operational, technology, etc.) Success factors/job competencies: