• Strategic Oversight: Manage strategic and day-to-day oversight of information and cyber security-related risk management and related control practices across the organization.
• Stakeholder Engagement & Advisory: Collaborate with various business, IT, and operational teams to promote a strong risk culture, offering guidance on control design and risk mitigation strategies. Serve as the primary liaison between Corporate Information Security, business units, and external auditors/examiners on information and cyber security control matters.
• Control Framework Development & Oversight: Design, implement, and maintain IT control frameworks, ensuring alignment with industry best practices (e.g., NIST, CRI, COBIT, COSO) and regulatory standards. Oversee ongoing control assessments to facilitate timely remediation of identified gaps.
• Risk Identification & Management: Partner with IT and Business Unit stakeholders to identify emerging technology risks, evaluate potential impacts, and develop mitigation strategies. Drive continuous monitoring of key risk indicators (KRIs) to maintain proactive identification and resolution of risk areas.
• Policy & Regulatory Compliance: Ensure adherence to internal policies, regulatory requirements, and cybersecurity standards applicable to the bank’s environment. Coordinate with the Legal and Compliance teams to stay abreast of new or changing regulations and provide guidance to business units.
• Controls Design & Inventory: Design and implement effective controls to mitigate identified risks, providing recommendations for improvement where necessary.
• ISRA Program Management: Lead the execution and documentation of ISRA and Corporate Information Security processes across the organization to ensure it aligns with regulatory requirements and industry best practices. Assist with designing and enhancing the ISRA and Corporate Information Security programs, ensuring compliance with internal policies, industry best practices and regulatory requirements.
• Risk Assessment: Coordinate and facilitate risk assessment workshops and activities to identify potential information and cyber security risks and control gaps. Analyze risk data to assess the likelihood and impact of risks on the bank’s operations.
• Proactive Oversight: Ensure proactive identification of potential information and cyber security control issues and deficiencies, determine root causes, and develop and execute on necessary remediation plans.
• Team Leadership & Development: Supervise and mentor a team of information and cyber security risk professionals, setting performance expectations, providing regular feedback, and fostering professional growth. Promote a culture of accountability, collaboration, and continuous learning within the team and across front line units.
• Reporting & Communication: Prepare comprehensive reports for senior management, regulatory bodies, and board committees with clear insights into information and cyber security risk exposure and control effectiveness, and action plans for identified gaps. Exceptional written and verbal communication skills, with the ability to clearly convey technical risk concepts to non-technical audiences and executive leadership.
• Training & Awareness: Lead training sessions to enhance staff understanding of information and cyber security risk management principles, control processes, and responsibilities. Promote a proactive information and cyber security risk management culture through continuous education and awareness initiatives.
• Continuous Improvement: Evaluate and improve the overall information and cyber risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
• Audit & Regulatory Coordination: Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available. Act as a liaison between the business and regulators, providing transparent and comprehensive updates on the information and cyber risk management program.
• Risk Management: Collaborate with senior leadership and department heads to identify and evaluate key risks, implement risk control measures, and monitor risk mitigation efforts.
• Governance: Oversee regular governance forums to ensure timely escalation, decision-making, and resource allocation for risk remediation activities.

Required Qualifications:

​

• Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field.

​

Preferred Qualifications:

​

• Advanced degree and/or preferred industry-recognized certifications:
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CRISC (Certified in Risk and Information Systems Control)
• CGEIT (Certified in the Governance of Enterprise IT)
• (Any combination of these certifications or equivalent professional designations is highly desirable.)
• Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
• Strong understanding of IT governance frameworks (e.g., NIST, CRI, COBIT), as well as relevant regulations (e.g., FFIEC, SOX, GLBA).
• Demonstrated ability to analyze complex technological environments and design appropriate control mechanisms.
• In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.

The estimated salary range for this position is $170,000.00 to $185,000.00. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

​

#LI-Hybrid

​

#LI-FO1

​

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.