Skip to content
UpstartUpstartUnited States

Senior Manager, Technology Risk

Lead second-line technology and information security risk oversight for a de novo national bank, establishing the 2LOD technology risk framework and providing independent oversight of IT, cybersecurity, and cloud infrastructure.

172k – 238k/yr
Remote8+ YOESecurity Engineering

About the role

How you’ll make an impact

  • Provide independent second-line review and credible challenge of first-line technology and information security activities, including cybersecurity controls, software development lifecycle (SDLC) and incident response programs, technology resiliency, and third-party arrangements
  • Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and security risks in alignment with OCC guidance on cloud computing
  • Serve as a primary second-line point of contact for OCC examiners, internal audit, and other external stakeholders on technology risk and information security program topics and inquiries; prepare and deliver technology risk reporting to risk committees, the CRO, and the board
  • Build and lead a growing Technology Risk team, shaping how the bank identifies, prioritizes, and responds to its most important technology and security risks in alignment with applicable industry regulations
  • Partner with first-line IT and cybersecurity teams, TPRM, ERM, Legal, and Compliance to ensure technology and information security risk is integrated into enterprise risk programs, cross-functional risk assessments, and the bank's overall 2LOD reporting and governance structure

Minimum Qualifications

  • Bachelor's degree or equivalent practical experience in information technology, cybersecurity, or a related field
  • 8+ years of experience in technology risk, information security risk management, IT audit, or GRC in a banking or financial services environment
  • 3+ years of direct people management experience leading technology risk, information security governance, risk, and compliance, or information technology audit professionals
  • Demonstrated experience applying FFIEC IT Examination Handbook standards and OCC guidance on technology risk and information security in a bank or federally regulated institution
  • Experience engaging banking regulators (OCC, FDIC, or Federal Reserve) on technology risk, cybersecurity, or IT controls examination matters

Preferred Qualifications

  • Experience building or significantly enhancing a technology risk or information security GRC program in a de novo bank, early-stage bank, or similar environment where the program required meaningful design and build-out
  • Knowledge of cloud risk management and OCC/FFIEC guidance on cloud computing (OCC Bulletin 2020-46), particularly in cloud-native or fintech-adjacent technology environments
  • Familiarity with affiliate technology risk oversight, including independent oversight of bank-affiliate technology service arrangements, associated data segregation requirements, and Regulation W implications
  • Experience with GRC tool implementation or administration in a bank regulatory context
  • Current professional certification in information security or technology risk management (CISSP, CISA, CRISC, CISM, or comparable)
  • Knowledge of AI/ML technology risk and related governance considerations in a fintech, lending, or model-intensive operating environment

Compensation & Benefits

  • Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
  • Retirement benefits including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed
  • Medical, dental, and vision benefits

Skills

Ffiec It Examination HandbookOcc GuidanceCybersecurity Assessment ToolCatTechnology Risk ManagementInformation Security Risk ManagementIt AuditGRCCloud Computing RiskCisspCisaCriscCism
Ramp

Senior Security Engineer, Endpoint

RampNew York, NY

Architect endpoint security posture for macOS, Windows, and mobile fleets at Ramp. Build MDM policies as code with Terraform/GitOps, automate patching and software distribution, mine telemetry for detections, and shape security for an agentic AI future. Requires deep macOS/MDM experience and strong IaC skills.

172k – 236k/yr
Hybrid5+ YOESecurity Engineering
Snowflake

Senior Security Architect, Applied Field Engineering (AFE)

SnowflakeMenlo Park, CA +2

Drives strategic customer engagements to architect secure AI and data platforms on Snowflake, transitioning from legacy security to unified architectures with AI governance, IAM, and compliance. Requires 5+ years in security, data, or AI engineering with strong customer-facing skills.

172k – 226k/yr
On-site5+ YOESecurity Engineering
Snowflake

Senior Security Architect, Applied Field Engineering (AFE)

SnowflakeNew York, NY +1

Drives strategic customer engagements to architect secure data platforms on Snowflake, focusing on AI security, identity management, and modern SecOps. Partners with sales and engineering to transition customers to unified security architectures with 5+ years experience in security or data engineering.

172k – 226k/yr
Hybrid5+ YOESecurity Engineering
Rokt

GRC Automation & Assurance Lead

RoktNew York, NY

Lead GRC audit, assurance, and compliance programs while architecting and shipping AI agents to automate evidence collection, control testing, questionnaires, and audit prep for ISO 27001 and SOC 2.

174k – 215k/yr
On-site4+ YOESecurity Engineering
Illumio

Sr. Threat Researcher

IllumioSunnyvale, CA

Senior Threat Researcher analyzes large-scale security datasets to identify attacker TTPs, maps threats to MITRE ATT&CK, and collaborates with product teams to enhance detection, risk insights, and segmentation strategies at a cybersecurity firm. Requires 5+ years in threat research or related fields.

170k – 196k/yr
On-site5+ YOESecurity Engineering