<p>GENERAL SUMMARY</p> <p>This position is responsible for the execution of 2LOD governance and oversight of Information Technology Risk Management (ITRM) which includes IT and IS governance and strategy, IT operations, Information Security, Change and Configuration Management, overall enterprise Information Technology and Information Security governance, risk, and compliance (GRC) management, and regular reporting to the Bank's governance committees. This individual will work closely with the Technology Risk and Control partners in 1LOD to participate in the credible challenge of the planning and implementation of Information Technology controls for all material IT and IS Projects and to provide oversight of the evaluation and selection of applications and systems. This individual will make recommendations and assist in the implementation of changes to work methods and procedures to make them more effective, to strengthen controls, or manage risk. This individual will also perform substantive control testing, as required, to assess the operating effectiveness of IT and IS general controls and application controls.</p> <p>ESSENTIAL FUNCTIONS</p> <ul> <li>As the Second Line of Defense (2LOD), provide thought leadership and constructive challenge to the First Line of Defense (1LOD) for control and risk-related matters. </li><li>Oversee IT risk management practices covering all facets of the IT Risk Management Framework (including Operations, Change Management, and Information Security), provide interpretation and counsel on policies and Standards. </li><li>Responsible for supporting the Information Technology Risk Management program. </li><li>Support the adoption of the Bank's eGRC platform throughout the enterprise and promote its use among the stakeholders of the Information Technology Risk Management program. </li><li>Provide technical and best practice guidance on Information Technology Risk Management and Information Technology, accounting for specific business platform complexities and issues. </li><li>Provide input into the setting of enterprise IT risk appetite based on platform specific differences and specific business considerations. </li><li>Develop periodic reports of Information Technology Risks and control effectiveness as required. </li><li>Review Information Security, Information Technology, and cybersecurity control processes along with associated documentation, and reporting. </li><li>Review key audit, regulatory and client due diligence to develop and communicate risk themes and solutions to the business. </li><li>Establish effective monitoring practices to ensure adherence to the IT Risk Management framework, supporting policies and standards, and assist the business in the identification of issues. </li><li>Perform 2LOD control testing, as required, to assess the design and operating effectiveness of 1LOD IT general controls and application controls. </li><li>Advise and collaborate with IT and the business on appropriate ways to strengthen controls in non-compliant areas. </li><li>Advise and provide credible challenge on the mitigation of IT Risk Management issues. </li><li>Assist in providing ongoing IT Risk Management governance and direction for the enterprise. </li><li>Engage with the Bank's leads for Information Technology, Information Security, Disaster Recovery & Business Continuity, Infrastructure, Data Governance, Vendor Management, Third-Party Risk Management, and Change Management Practices to obtain technical domain advice and advise on matters of risk. </li><li>Develop and maintain key business relationships to provide advice and oversight on new initiatives, products, and projects. </li><li>Perform annual review and on-going monitoring and development of 2LOD owned IT and IS policies and standards. </li></ul> <p>QUALIFICATIONS</p> <p>Education:</p> <ul> <li>College degree in Computer Science, Information Technology, or Information Security or equivalent preferred. </li><li>CISA or similar audit certifications. </li><li>Industry recognized certifications such as CISA, CRISC, or similar risk certifications preferred. </li></ul> <p>Experience:</p> <ul> <li>Minimum 5 years' experience in Information Security Risk and/or Audit within the financial services industry. </li><li>Minimum 3 years' experience in IT Audit or controls testing. </li><li>In depth knowledge and experience in Information Technology Governance, Risk, and Compliance. </li><li>Extensive knowledge and experience in regulatory guidance, most importantly for the FDIC, CFPB, and FFIEC requirements and supporting guidelines. </li></ul> <p>Skills/Ability:</p> <ul> <li>Strategic mindset, with excellent knowledge and understanding of the financial industry. Highly developed ability for conceptual thinking. </li><li>Excellent communication and presentation skills. </li><li>Proven track record of building strong relationships across business functions. </li><li>Strong presentation skills, in anticipation of audiences with varying IT knowledge; ability to adjust presentation details based on audience. </li><li>Demonstrated ability to interact effectively, internally, and externally, with the most senior representatives of the Bank, other organizations, regulators, and vendors. </li><li>Strong Microsoft Excel, PowerPoint, and report writing skills, including the ability to evaluate the usefulness of data and use it in meaningful communication. </li><li>Proven ability to initiate and manage projects. </li></ul> <p>OTHER DETAILS</p> <p>AVP: $88K - $118K / year</p> <p>VP: $118K - $160K / year</p> <p>Pay determined based on job-related knowledge, skills, experience, and location.</p> <p>This position may be eligible for a discretionary bonus.</p>