Senior Risk Officer– Cybersecurity – Security Architecture, Encryption and Secure Configuration[...]

This is a remote role that may be hired in several markets across the United States.

This role is responsible for analyzing risks within Operational Risk Management (ORM) Cybersecurity Risk Oversight (CRO) and assisting senior management in managing those risks. Employs comprehensive knowledge of risk management techniques, practices, and procedures as well as various banking regulatory requirements and processes. Works closely with regulators for continuous monitoring and exam management, business units, and enterprise-wide business support groups to manage cross-functional issues associated with risk. This role is responsible for maintaining influential relationships with senior management across the Three Lines of Defense and providing support for management and board committees. Maintains effective and productive external relationships. May have responsibility for managing and developing associates in the work group. This role has specialized focus on cybersecurity oversight of Security Architecture, Encryption and Secure Configuration processes and controls.

• Operational Risk Management - Develops new types of enterprise risk processes, analyses, and models as necessary. Identifies, evaluates, and plans strategies for improving risk management. Validates quantitative and qualitative risk measures. Maintains a strong knowledge of new and evolving risk management developments and industry changes. Assesses existing controls and works with management to comply with testing requirements. Identifies control deficiencies, monitors remediation of control deficiencies, and reports control issues to management. Prepares written reports for management review and approval. Communicates risk vision and regulatory requirements to stakeholders. Develops relationships and remains active within professional networks to stay abreast of current and emerging issues.
• Risk Education - Partners with business units to ensure implementation of and compliance with program policies and standards. Leads development and implementation of organizational training relating to ORM programs. Promotes risk awareness with stakeholders across the Bank through risk presentations, workshops, and roadshow materials. Develops and implements supporting business unit procedures as necessary.
• Committees and Projects - Provides support for other Enterprise & Operational Risk Management programs and initiatives such as risk control self-assessments, operational risk event reporting, and other activities. Participates as a risk advisor on project teams or committees to offer guidance related to risk best practices, processes and regulatory requirements.
• Business Support - Works closely with Internal Audit and numerous regulatory agencies. Manages preparation activities for Internal Audit and regulatory exams and participates in related meetings. Partners with risk leadership to ensure components are received in a timely manner for posting prior to exam start.

Bachelor's Degree and 6 years of experience in Enterprise Risk or Operational Risk, and Project Management or Internal/External Consulting OR High School Diploma or GED and 10 years of experience in Enterprise Risk or Operational Risk, and Project Management or Internal/External Consulting.

Preferred Education: Advanced Degree

Skill(s): Knowledge of risk techniques, practices, and control frameworks, Knowledge of various banking and government regulatory requirements and processes, Ability to work effectively with associates, senior management, and various committees, Knowledge of regulatory guidance pertaining to enterprise risk and operational risk.

Preferred Experience:

Required Area of Experience: Financial Services, Enterprise Risk Management, Operational Risk Management, Compliance, Audit, Cybersecurity, Technology

Preferred Area of Experience: Operational Risk Management

Preferred Area of Study: Cybersecurity, Technology

Position Specific Skills

• Experience working with Governance Risk and Compliance Applications
• Knowledge of risk
• Experience with relevant industry frameworks such as NIST CSF 2.0 or CRI – Intermediate - Required
• Experience with secure configuration baselines – Intermediate – Preferred
• Experience with industry approved encryption methods and controls – Intermediate – Preferred
• Experience with design and structure of security systems, networks, and technologies, encompassing the infrastructure, controls, policies, and mechanisms used to protect information assets– Intermediate – Preferred

License & Certification

License or Certification Type: CISA, CRISC, CISM, CISSP or Cloud Certification – Preferred