Senior Manager, Technology Risk

How you’ll make an impact

• Provide independent second-line review and credible challenge of first-line technology and information security activities, including cybersecurity controls, software development lifecycle (SDLC) and incident response programs, technology resiliency, and third-party arrangements
• Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and security risks in alignment with OCC guidance on cloud computing
• Serve as a primary second-line point of contact for OCC examiners, internal audit, and other external stakeholders on technology risk and information security program topics and inquiries; prepare and deliver technology risk reporting to risk committees, the CRO, and the board
• Build and lead a growing Technology Risk team, shaping how the bank identifies, prioritizes, and responds to its most important technology and security risks in alignment with applicable industry regulations
• Partner with first-line IT and cybersecurity teams, TPRM, ERM, Legal, and Compliance to ensure technology and information security risk is integrated into enterprise risk programs, cross-functional risk assessments, and the bank's overall 2LOD reporting and governance structure

Minimum Qualifications

• Bachelor's degree or equivalent practical experience in information technology, cybersecurity, or a related field
• 8+ years of experience in technology risk, information security risk management, IT audit, or GRC in a banking or financial services environment
• 3+ years of direct people management experience leading technology risk, information security governance, risk, and compliance, or information technology audit professionals
• Demonstrated experience applying FFIEC IT Examination Handbook standards and OCC guidance on technology risk and information security in a bank or federally regulated institution
• Experience engaging banking regulators (OCC, FDIC, or Federal Reserve) on technology risk, cybersecurity, or IT controls examination matters

Preferred Qualifications

• Experience building or significantly enhancing a technology risk or information security GRC program in a de novo bank, early-stage bank, or similar environment where the program required meaningful design and build-out
• Knowledge of cloud risk management and OCC/FFIEC guidance on cloud computing (OCC Bulletin 2020-46), particularly in cloud-native or fintech-adjacent technology environments
• Familiarity with affiliate technology risk oversight, including independent oversight of bank-affiliate technology service arrangements, associated data segregation requirements, and Regulation W implications
• Experience with GRC tool implementation or administration in a bank regulatory context
• Current professional certification in information security or technology risk management (CISSP, CISA, CRISC, CISM, or comparable)
• Knowledge of AI/ML technology risk and related governance considerations in a fintech, lending, or model-intensive operating environment

Compensation & Benefits

• Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
• Retirement benefits including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed
• Medical, dental, and vision benefits