Enterprise Information Risk Management Officer

Overview

On Site
Depends on Experience
Full Time

Skills

IT Risk
IT Risk Management
Policies and Procedures
Cyber Security
Incident Management
Leadership
Risk Assessment

Job Details

The Enterprise Information Risk Management Officer serves as a key authority in technology and cybersecurity risk management, acting as an independent second line of defense, overseeing the effective identification, mitigation, monitoring, and reporting of enterprise technology and cybersecurity risks. As a subject matter expert (SME), advises first-line leaders and technical teams, ensuring alignment with the bank's risk appetite and objectives. Actively influences cybersecurity strategies by providing recommendations to senior leadership and the board. Critically reviews first-line risk and security assessments, Policies, Standards, and Risk Acceptances, ensuring their adequacy. Plays an active role in technology risk committees, upholding regulatory requirements and guiding the formulation and oversight of enterprise-wide technology risk policies. This includes active and independent oversight of the First Line's Governance, Risk and Compliance (GRC) function, which includes review and acceptance of all reporting to Executive Management and the Board Risk Committees. This role reports to the Enterprise Risk Management Director.

Principal Duties & Responsibilities:

  • Provides independent risk oversight (second line of defense/2 LOD) ensuring effective identification, mitigation, monitoring and reporting of enterprise technology and cybersecurity risks.
  • Serves as SME; provides risk advisory to 1 LOD leaders (Chief Information Security Officer, Chief Information Officer, Chief Technology Officer) and technical teams, supporting the bank's strategies and objectives to operate within established risk appetites.
  • Influences cybersecurity management through recommendations to the bank's senior leadership, including the Board of Directors, Senior Management and other CNB executives to form decisions on risk prioritization to close identified gaps.
  • Reviews and challenges adequacy of risk and information security assessments and testing produced or contracted by first line of defense (RCSAs, FCAT, Pen Testing, others).
  • Ensures enterprise technology risks are properly recorded on the bank's enterprise risk management platform.
  • Ensures proper strategies are in place to bring risks to acceptable levels.
  • This includes ensuring remediation actions are properly implemented, such as adoption of new security technologies and platforms, business processes, third-party contracts, among others.
  • Ensures enterprise technology risks are properly reported to Sr. Management and Board of Directors, including but not limited to KRIs and other metrics.
  • Serves as a member of the technology risk committee and participates in the enterprise management and board risk committees when applicable for technology risk related topics.
  • Upholds regulatory requirements for technology risk.
  • Ensures regulatory changes affecting the technology landscape are effectively understood, represented in policies and procedures and properly implemented.
  • Provides direction and guidance in the development, implementation and maintenance of policies, procedures and standards.
  • Executes oversight of multiple enterprise-wide policies affecting technology risk.
  • In the event of significant cybersecurity incidents, performs oversight ensuring 1 LOD incident response plan activities are executed accordingly.

Qualifications:

  • 8-10 years of work experience in the fields of cybersecurity, information technology, or risk management required.
  • 5-7 years of experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers preferred.
  • In-depth knowledge and ability to effectively manage all major aspects of IT, Data and Information, Security, as well as Risk and Compliance within the IT organization.
  • Demonstrated experience overseeing IT and Cyber-related risk assessments in a complex technical environment.
  • Excellent verbal and written communication skills.
  • Must possess strong analytical capabilities and have a desire to learn new things.
  • Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate.
  • Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions.
  • Ability to manage multiple projects while maintaining superior results.
  • Ability to work cross-functionally, individually, and to lead work among a team.
  • Execution oriented and a self-motivator.

Education:

  • Bachelor's Degree in Cyber Security or related field.

About City National Bank of Florida