Sr. Director - IT Risk Accounting - Troy, MI at Geebo

Sr. Director - IT Risk

The Senior Director IT Risk will work in conjunction with IT senior management to oversee the strategy and direction of the governance, risk, and compliance activities impacting Information Technology.
This director leads a team that works with the IT organization to ensure effective risk management and escalation to IT senior leaders.
The Senior Director of IT Risk will also have the responsibility to oversee the IT first line of defense risk team to monitor performance of controls, maintain documentation and support IT in risk identification, mitigation, and reporting.
The Senior Director of IT Risk will partner IT risk teammates with IT leaders to conduct operational controls and regulatory self-testing, issue management, risk and control self-assessments, and operational risk event activities.
This individual will collaborate with colleagues in Enterprise Risk Management and Compliance (2nd LOD) and Internal Audit (3rd LOD).
The position requires strong leadership and well-developed organizational skills.
This position also requires experience in compliance and/or risk management, specifically in IT risk and security with a financial institution.
Ultimately, this role will ensure that IT is controlling risk and exposure within the enterprise risk appetite.
Staff Management and Supervision:
Oversees a team of employees responsible for managing first line IT risk.
Provides leadership, coaching, mentoring, and training of staff.
Sets team and individual goals and resolves personnel issues.
Performs employee performance reviews and job evaluations.
Participates on committees and special projects as assigned.
Management of IT Risk Framework Activities:
Develop IT risk strategy, program, and governance frameworks.
Support IT units in conducting risk and control self-assessments (RCSAs) and the day-to-day management of the IT risk and control environment.
Support IT leadership in overseeing issue remediation, including the development and execution of viable issue remediation plans.
Support IT in the managing and monitoring of operational risk events, including reporting, remediation progress, and escalation when needed.
Oversee the IT control framework including QA and 1LOD control testing to evaluate the design and effectiveness of individual controls.
Evaluate external risk events for potentially emerging risk that may impact IT.
Identify opportunities to proactively address and mitigate emerging risks.
Assist with development of new IT policies, standards, and procedures.
Oversee annual reviews of policies, standards, and procedures to ensure accuracy and compliance.
Risk Initiatives Partner:
Manage IT relationship with internal and external auditors and regulators, and facilitate due diligence, exams, and reviews of IT.
Represent IT in enterprise risk initiatives in providing feedback and IT alignment to the design of enterprise programs.
Coordinate and ensure timely response to issues and questions coming from various risk partners and examiners.
Lead implementation, change management, and execution of IT responsibilities for enterprise-wide risk programs.
Review/monitor IT Self-Testing/KRI/Risk Management:
Work in partnership with senior management of IT to create Key Risk Indicator (KRI) reporting to monitor key compliance and risk metrics.
Ensure appropriate reporting and escalation of KRIs to various committees is performed.
Ensure IT management and employees are aware of and comply with regulations and risk framework requirements, bank policy, department standards and procedures through the development of key measurement and testing strategies.
Assist with identifying gaps and offer suggestions for resolutions.
Ensures compliance with applicable federal, state and local laws and regulations.
Completes all required compliance training.
Maintains knowledge of and adheres to Flagstar's internal compliance policies and procedures.
Takes responsibility to keep up to date with changing regulations and policies.
Job Requirements:
High School Diploma, GED, or foreign equivalent required.
Bachelor's degree in Technology preferred.
10 years of experience in an IT risk, internal control, or compliance role.
7 years in a role related to technology operations in the financial industry.
Proven ability to partner effectively across all levels of the organization and develop positive working relationships.
Solid understanding of IT risk management frameworks, laws and regulations impacting financial institutions.
Able to manage and execute multiple complex projects within required timeframes.
Experience defining and documenting IT policies, standards, and processes.
Ability to analyze and assess the adequacy of IT controls and identify opportunities for reducing risk.
Solid understanding of Federal Financial Institutions Examination Council (FFIEC) requirements and Risk and Control Self-Assessments (RCSA).
Solid understanding of IT risk management and industry best practices.
Experience supervising staff and the ability to motivate a team to achieve success.
Demonstrated ability to follow company policies, standards, and procedures.
Strong attention to detail, ability to multi-task and well-developed organizational skills.
Demonstrated ability to maintain confidentiality using tact and diplomacy.
Excellent verbal and written communication skills with comfort around presenting new ideas and presentations to senior management.
Ability to think critically and logically.
Highly perceptive, inquisitive and methodical.
Proactive self-starter with good people management skills and a strong work-ethic.
Strong knowledge of IT processes and systems within a financial services context.
Practical knowledge of IT/cyber frameworks and implementation (COBIT, Basel II, FFIEC, NIST, and others).
Significant knowledge of IT processes and controls and an understanding of risk and quality control and assurance functions.
Recommended Skills: Attention To Detail, Auditing, Change Management, Communication, Confidentiality, Coordinating
Estimated Salary: $20 to $28 per hour based on qualifications.
