Director - IT FLCO Back Office Application Risk Lead

If you're looking for a meaningful career, you'll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster's values, these set us apart as a bank and as an employer.

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

The Director, Front Line Controls Officer will play a critical leadership role in overseeing and strengthening the bank's technology and application control environment. This individual will report to the Managing Director Front Line Control Officer and serve as the primary risk partner to the bank's Business Solutions team to ensure that technology risks are proactively identified, assessed, and mitigated across the enterprise.

Key responsibilities include building and maintaining a comprehensive control inventory, enhancing the risk and control self-assessment (RCSA) program, and ensuring alignment with internal policies, regulatory requirements, and industry best practices. The role will also provide risk partnership for key technology processes, including system availability, Batch Operations (job scheduling and secure file movement) , monitoring and logging , release management, quality assurance, and Application Programming Interface (API) management. The ideal candidate will bring deep expertise in technology risk management and internal controls within the banking sector that enable the candidate to serve as the "voice of risk" with key Business Solutions initiatives and large-scale, high-visibility regulatory remediation programs.

Key Responsibilities:

• Leadership & Strategy: Oversight and management for a Technology Front Line Unit (FLU) aligning with the vision and objectives set by the Chief Controls Officer and the IT First Line Controls Officer. Leverage agile principals to operate transparently.
• Proactive Oversight: Drive the early identification of control issues, emerging risks, and process deficiencies. Lead root cause analysis and oversee the development and execution of robust, sustainable remediation plans to address control gaps and prevent recurrence. Analyze risk data to assess likelihood, impact, and trends, and provide actionable insights to senior leadership.
• SDLC Engagement: Partner closely with peers within the IT First Line Control Office and Cloud Engineering to support risk-informed decision-making across the technology development lifecycle; serve as "voice of risk." Effectively integrate into key tollgates, including reviews of quality assurance testing plans and results, to provide strong risk support for assigned application portfolios.
• Application Risk Assessment: Using a risk-based approach, perform application technology risk assessments, including dimensions of password compliance, user access provisioning and deprovisioning, segregation of duties, resiliency, computer operations, alignment to firm standards, vulnerability health, technical currency and availability. Maintain ongoing engagement with application teams and ensure new services and configurations are appropriately secured and monitored.
• RSCA Program Management: Lead the execution and documentation of RSCA processes across the respective Front Line Units (FLUs) to ensure it aligns with regulatory requirements and industry best practices. Assist with designing and enhancing the RCSA program, ensuring compliance with internal policies, industry best practices and regulatory requirements.
• Reporting & Communication: Develop and deliver executive-level reporting that highlight risk trends, control effectiveness, and areas requiring attention.
• Continuous Improvement: Evaluate and improve the overall risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
• Audit & Regulatory Coordination: Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available. Act as a liaison between the business and regulators, providing transparent and comprehensive updates on the risk management program.
• Compliance Assurance: Ensure adherence to applicable regulations and banking standards, partnering closely with Compliance, Internal Audit, and other control functions.

Skills/Experience/Education Requirements:

• Education:
  • Bachelor's degree in Technology, Risk Management, or a related field.
  • Risk certifications preferred (CISA, CISSP, PMP, etc)

• Experience:
  • Minimum of 7+ years of experience in IT risk management, operational risk, or technology internal audit within the banking or financial services industry.
  • Substantial experience in leading Risk and Control Self-Assessment (RCSA), Internal Controls Design or similar Controls Testing programs within the banking sector.
  • At least 4 years in a leadership role within the banking sector.

• Knowledge:
  • Deep understanding of governance, change management, banking regulations, risk management frameworks, internal control standards, and code QA best practices.
  • Strong familiarity with application architecture, regression testing, user acceptance testing, automation, observability, and agile software practices.
  • Strong understanding of operational risk management techniques and control assessment methodologies.
  • Knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.
  • Deep understanding of technology risk frameworks for infrastructure, cloud, cybersecurity, service management, and delivery (e.g., NIST, ISO, FFIEC), CRI/CRI Profile, and risk rating methodologies.

• Skills:
  • Excellent leadership and project management skills.
  • Strong analytical, problem-solving, and decision-making skills.
  • Excellent verbal and written communication abilities, with the capacity to present complex information clearly.
  • Ability to influence senior stakeholders and build effective working relationships across business units and lines of defense.
  • Strategic thinker with attention to detail and operational acumen.
  • Strong commitment to quality and continuous improvement.
  • Proficiency in risk management software and data analysis tools.

The estimated salary range for this position is $140,000.00 to $175,000.00. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

#LI-Hybrid

#LI-FO1

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.