Senior Risk Officer Cybersecurity Security Architecture, Encryption and Secure Configuration (Remote)

About the position This is a remote role that may be hired in several markets across the United States. This role is responsible for analyzing risks within Operational Risk Management (ORM) Cybersecurity Risk Oversight (CRO) and assisting senior management in managing those risks. Employs comprehensive knowledge of risk management techniques, practices, and procedures as well as various banking regulatory requirements and processes. Works closely with regulators for continuous monitoring and exam management, business units, and enterprise-wide business support groups to manage cross-functional issues associated with risk. This role is responsible for maintaining influential relationships with senior management across the Three Lines of Defense and providing support for management and board committees. Maintains effective and productive external relationships. May have responsibility for managing and developing associates in the work group. This role has specialized focus on cybersecurity oversight of Security Architecture, Encryption and Secure Configuration processes and controls.

Responsibilities

• Develops new types of enterprise risk processes, analyses, and models as necessary.
• Identifies, evaluates, and plans strategies for improving risk management.
• Validates quantitative and qualitative risk measures.
• Maintains a strong knowledge of new and evolving risk management developments and industry changes.
• Assesses existing controls and works with management to comply with testing requirements.
• Identifies control deficiencies, monitors remediation of control deficiencies, and reports control issues to management.
• Prepares written reports for management review and approval.
• Communicates risk vision and regulatory requirements to stakeholders.
• Develops relationships and remains active within professional networks to stay abreast of current and emerging issues.
• Partners with business units to ensure implementation of and compliance with program policies and standards.
• Leads development and implementation of organizational training relating to ORM programs.
• Promotes risk awareness with stakeholders across the Bank through risk presentations, workshops, and roadshow materials.
• Develops and implements supporting business unit procedures as necessary.
• Provides support for other Enterprise & Operational Risk Management programs and initiatives such as risk control self-assessments, operational risk event reporting, and other activities.
• Participates as a risk advisor on project teams or committees to offer guidance related to risk best practices, processes and regulatory requirements.
• Works closely with Internal Audit and numerous regulatory agencies.
• Manages preparation activities for Internal Audit and regulatory exams and participates in related meetings.
• Partners with risk leadership to ensure components are received in a timely manner for posting prior to exam start.

Requirements

• Bachelor's Degree and 6 years of experience in Enterprise Risk or Operational Risk, and Project Management or Internal/External Consulting OR High School Diploma or GED and 10 years of experience in Enterprise Risk or Operational Risk, and Project Management or Internal/External Consulting
• Knowledge of risk techniques, practices, and control frameworks.
• Knowledge of various banking and government regulatory requirements and processes.
• Ability to work effectively with associates, senior management, and various committees.
• Knowledge of regulatory guidance pertaining to enterprise risk and operational risk.

Nice-to-haves

• Advanced Degree
• Experience working with Governance Risk and Compliance Applications.
• Experience with relevant industry frameworks such as NIST CSF 2.0 or CRI - Intermediate.
• Experience with secure configuration baselines - Intermediate.
• Experience with industry approved encryption methods and controls - Intermediate.
• Experience with design and structure of security systems, networks, and technologies, encompassing the infrastructure, controls, policies, and mechanisms used to protect information assets - Intermediate.
• License or Certification Type CISA, CRISC, CISM, CISSP or Cloud Certification - Preferred.

Benefits

• Competitive, thoughtfully designed and quality benefits program.

Apply tot his job Apply To this Job