Senior Managing Director – IT Front Line Controls Officer

Company: Webster Bank
Location: Stamford, CT, USA, Southington, CT, USA, Jericho, NY, USA, Wallingford, CT, USA, New York, NY, USA
Salary: $225000 – $300000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Expert or higher

Requirements

  • Bachelor’s degree in Finance, Accounting, Business Administration, or a related field.
  • Advanced degree and/or preferred industry-recognized certifications: CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in the Governance of Enterprise IT).
  • Minimum of 15 years of progressive experience in technology risk, enterprise risk, operational risk, cybersecurity, or internal audit within the banking or financial services industry.
  • Substantial experience leading first line technology risk programs, design and execution of risk management frameworks, RCSA and control testing, or similar internal audit testing programs.
  • Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
  • Strong understanding of IT governance frameworks (e.g., NIST CSF, COBIT), as well as relevant regulations (e.g., FFIEC, SOX, GLBA).
  • Demonstrated ability to analyze complex technological environments and design appropriate control mechanisms.
  • In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.

Responsibilities

  • Manage strategic and day-to-day oversight of technology-related risk management and control practices across the entire organization, including management of the IT Front Line Control Office team.
  • Collaborate with various business, IT, and operational teams to promote a strong risk culture, offering guidance on control design and risk mitigation strategies.
  • Design, implement, and maintain IT control frameworks, ensuring alignment with industry best practices (e.g., NIST, COBIT, COSO) and regulatory standards.
  • Partner with IT and Front Line Unit stakeholders to identify emerging technology risks, evaluate potential impacts, and develop mitigation strategies.
  • Ensure adherence to internal policies, regulatory requirements, and cybersecurity standards applicable to the bank’s technology environment.
  • Design and implement effective controls to mitigate identified risks, providing recommendations for improvement where necessary.
  • Lead the execution and documentation of RCSA processes across the IT Front Line Units (FLU) to ensure they align with regulatory requirements and industry best practices.
  • Coordinate and facilitate risk assessment workshops and activities to identify potential risks and control gaps.
  • Ensure proactive identification of potential control issues and deficiencies, determine root causes, and develop and execute on necessary remediation plans.
  • Supervise and mentor a team of IT control professionals, setting performance expectations, providing regular feedback, and fostering professional growth.
  • Prepare comprehensive reports for senior management, regulatory bodies, and board committees with clear insights into IT risk exposure and control effectiveness, and action plans for identified gaps.
  • Lead training sessions to enhance staff understanding of IT risk management principles, control processes, and RCSA responsibilities.
  • Evaluate and improve the overall risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
  • Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available.
  • Collaborate with senior leadership and department heads to identify and evaluate key risks, implement risk control measures, and monitor risk mitigation efforts.
  • Oversee regular governance forums to ensure timely escalation, decision-making, and resource allocation for risk remediation activities.

Preferred Qualifications

  • In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.