The Technology & Cyber Risk Director is responsible for providing oversight, guidance, and independent challenge to the first line of defense regarding the management of technology and cyber risks. This position involves developing and implementing risk management frameworks, policies, and procedures, conducting risk assessments, and ensuring compliance with regulatory requirements. The director will collaborate with various stakeholders to enhance the Bank’s cybersecurity posture and technology risk management practices.

Position Responsibilities

Plan

• Develop and implement comprehensive technology and cybersecurity risk management frameworks and policies.
• Ensure alignment with regulatory requirements and industry best practices.
• Develop and deliver training programs to enhance awareness of technology and cybersecurity risk across the Bank.
• Provides oversight of the creation and implementation of compliance technology and cybersecurity policies and procedures, technology and tools and governance processes for technology and cybersecurity.
• Provides oversight of planning and implementation of technology and cybersecurity programs including their governance, identification of risk and controls.
• Oversee the implementation of technology and cybersecurity policies and standards.
• Ensure compliance with relevant regulatory requirements and internal policies.
• Coordinate with internal and external auditors for technology and cybersecurity risk audits.
• Implementation of guidance for overseeing technology and cyber operational risk, aligned with OCC Heightened Standards and other regulations.

Assess

• Responsible for providing effective challenge to the first line with respect to the technology and cyber security program that includes technology and cybersecurity, policies, compliance, and governance with the expanded scope to include internal employees, external customers (retail, small business and commercial), financial and regulatory agencies, and supplier partners.
• Conduct regular risk assessments and evaluations of technology and cybersecurity risks and provides appropriate challenge.
• Analyze potential threats and vulnerabilities, and their impact on the organization.
• Provide independent challenge to risk assessments conducted by the first line of defense/business risk control office.
• Provides counsel on best practices leveraging expertise and industry insights.Assess risk when business decisions are made, demonstrating knowledge for the Bank’s reputation, and safeguarding the Bank, it’s customers and assets, by driving compliance with applicable laws, rules, and regulations, and adhering to policy.

Monitor and Report

• Evaluates the design of controls and communicate the impact of control weaknesses to first line teams.
• Establish key risk indicators (KRIs) and metrics to monitor technology and cybersecurity risks.
• Prepare and present risk reports to senior management and the board of directors.
• Monitor current and emerging risks and changes to laws and regulations.
• Ensure timely escalation of critical risks and incidents.
• Oversee the incident response process and ensure effective management of technology and cyber incidents.
• Conduct post-incident reviews and recommend improvements to prevent future occurrences.

Leadership

• Lead oversight of the Technology Risk Pillar, to support heightened focus on technology risk management enterprise wide; and to ensure appropriate engagement of second line of defense with first line, to provide effective independent risk review, credible challenge, monitoring and oversight of technology and cybersecurity risk.
• Provides leadership to the second line to influence, advise and challenge operational security capability, including security incident management, vulnerability management and technology and cybersecurity threat intelligence.
• Represents in various steering committees and working groups.
• Present and lead discussions with key regulators, and internal and external auditors.
• Actively engaged in the industry on the latest in technology and cybersecurity risk and emerging operational risks.
• Promote a risk aware culture through regular communication and education initiatives.
• Participate on the Information & Risk Committee.
• Participate on the Technology Risk Committee.

Position Qualifications

• Bachelors degree from an accredited university in information technology, Cybersecurity, or a minimum of four years in working directly in Technology and/or Cybersecurity field
• 10 or more years Experience in technology and/or cybersecurity risk management
• 10 or more years Managing multiple technology systems and processes. Including the analysis of complex system architecture, data warehouses, and third-party applications and applicable controls
• 8 years Experience in developing and administering information security policies, required working knowledge of Sarbanes-Oxley, ISO Certifications and Data Privacy laws and regulations
• 5 years Experience in developing and implementing risk management frameworks and policy in the technology and/or cybersecurity area of responsibility
• 5 years Effective communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels
• 5 years Leading a team through a fast-paced dynamic environment and shifting priorities
• 5 years Experience in a financial services or other highly regulated industry

Position Qualifications

• Bachelors degree from an accredited university in information technology, Cybersecurity, or a minimum of four years in working directly in Technology and/or Cybersecurity field
• 10 or more years Experience in technology and/or cybersecurity risk management
• 10 or more years Managing multiple technology systems and processes. Including the analysis of complex system architecture, data warehouses, and third-party applications and applicable controls
• 8 years Experience in developing and administering information security policies, required working knowledge of Sarbanes-Oxley, ISO Certifications and Data Privacy laws and regulations
• 5 years Experience in developing and implementing risk management frameworks and policy in the technology and/or cybersecurity area of responsibility
• 5 years Effective communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels
• 5 years Leading a team through a fast-paced dynamic environment and shifting priorities
• 5 years Experience in a financial services or other highly regulated industry

Licenses/Certifications

• Preferred: CISSP (Certified Information Systems Security Professional)
• Preferred: CISM (Certified Information Security Manager)
• CRISC — Certified Risk Information Systems Control

Work Best Category:

Category C – Days in the office will either be designated days or will vary week to week from 2-5 days

Hours:

8:00am – 5:00pm Monday – Friday

Salary:

To Be Determined Based on Individual Experience