# Senior Manager, Technology Risk

**Company:** [Upstart](https://hotfix.jobs/companies/upstart)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $172k – $238k/yr
**Experience:** 8+ years
**Skills:** Ffiec It Examination Handbook, Occ Guidance, Cybersecurity Assessment Tool, Cat, Technology Risk Management, Information Security Risk Management, It Audit, GRC, Cloud Computing Risk, Cissp, Cisa, Crisc, Cism
**Posted:** 2026-06-08

> Lead second-line technology and information security risk oversight for a de novo national bank, establishing the 2LOD technology risk framework and providing independent oversight of IT, cybersecurity, and cloud infrastructure.

## Job Description

## How you’ll make an impact

- Provide independent second-line review and credible challenge of first-line technology and information security activities, including cybersecurity controls, software development lifecycle (SDLC) and incident response programs, technology resiliency, and third-party arrangements
- Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and security risks in alignment with OCC guidance on cloud computing
- Serve as a primary second-line point of contact for OCC examiners, internal audit, and other external stakeholders on technology risk and information security program topics and inquiries; prepare and deliver technology risk reporting to risk committees, the CRO, and the board
- Build and lead a growing Technology Risk team, shaping how the bank identifies, prioritizes, and responds to its most important technology and security risks in alignment with applicable industry regulations
- Partner with first-line IT and cybersecurity teams, TPRM, ERM, Legal, and Compliance to ensure technology and information security risk is integrated into enterprise risk programs, cross-functional risk assessments, and the bank's overall 2LOD reporting and governance structure

## Minimum Qualifications

- Bachelor's degree or equivalent practical experience in information technology, cybersecurity, or a related field
- 8+ years of experience in technology risk, information security risk management, IT audit, or GRC in a banking or financial services environment
- 3+ years of direct people management experience leading technology risk, information security governance, risk, and compliance, or information technology audit professionals
- Demonstrated experience applying FFIEC IT Examination Handbook standards and OCC guidance on technology risk and information security in a bank or federally regulated institution
- Experience engaging banking regulators (OCC, FDIC, or Federal Reserve) on technology risk, cybersecurity, or IT controls examination matters

## Preferred Qualifications

- Experience building or significantly enhancing a technology risk or information security GRC program in a de novo bank, early-stage bank, or similar environment where the program required meaningful design and build-out
- Knowledge of cloud risk management and OCC/FFIEC guidance on cloud computing (OCC Bulletin 2020-46), particularly in cloud-native or fintech-adjacent technology environments
- Familiarity with affiliate technology risk oversight, including independent oversight of bank-affiliate technology service arrangements, associated data segregation requirements, and Regulation W implications
- Experience with GRC tool implementation or administration in a bank regulatory context
- Current professional certification in information security or technology risk management (CISSP, CISA, CRISC, CISM, or comparable)
- Knowledge of AI/ML technology risk and related governance considerations in a fintech, lending, or model-intensive operating environment

## Compensation & Benefits

- Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
- Retirement benefits including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed
- Medical, dental, and vision benefits

## Similar roles

- [Senior Security Engineer, Endpoint](https://hotfix.jobs/jobs/c02e6a58-776e-461e-8bd3-ec1166ec40c8) - Ramp - New York, NY - $172k – $236k/yr
- [Senior Security Architect, Applied Field Engineering (AFE)](https://hotfix.jobs/jobs/2b949a31-bfc8-4d2b-aa6d-f0896ee0d04b) - Snowflake - Menlo Park, CA - $172k – $226k/yr
- [Senior Security Architect, Applied Field Engineering (AFE)](https://hotfix.jobs/jobs/e0bb51d6-509a-4b41-85b5-59ffafabf6e2) - Snowflake - New York, NY - $172k – $226k/yr
- [GRC Automation & Assurance Lead](https://hotfix.jobs/jobs/8413b7c3-5dc3-4909-81d6-821934e12890) - Rokt - New York, NY - $174k – $215k/yr
- [Sr. Threat Researcher](https://hotfix.jobs/jobs/12a7f854-0643-4ecc-ac5c-02cac18108b5) - Illumio - Sunnyvale, CA - $170k – $196k/yr

**Apply:** https://hotfix.jobs/jobs/55fd3e50-6546-4e60-8000-757f20c0ff01
**Canonical:** https://hotfix.jobs/jobs/55fd3e50-6546-4e60-8000-757f20c0ff01