Technology Risk Management

Poste et missions

Join Natixis as a Technology Risk Manager within our Technology Risk Management (TRM) team, operating in the Second Line of Defense (2LOD). This strategic role is crucial for ensuring robust risk management over IT Operations, Development, and Governance. You will play a key part in overseeing governance and compliance activities for the Technology Risk function, including policy maintenance, 2LOD control testing, and preparing reports for relevant governance committees. As a key point of contact, you will support the Chief Information Security Officer (CISO) in the day-to-day operations of the Technology Risk function.

Key Responsibilities:

• Policy Enhancement:
  
  • Enhance Technology Risk policies and related documentation for the U.S. platform.
  • Review local policies to ensure appropriate quality, ownership, coverage, and implementation.
  • Support the development of Policy and Procedure documentation to address gaps in the existing policy framework.
• Risk Management and Control Testing:
  
  • Conduct Technology Risk Assessments and drive mitigation actions.
  • Perform periodic Technology Risk control testing to ensure appropriate oversight of the First Line of Defense (1LOD).
  • Update and maintain results within the firm's Governance, Risk, and Compliance (GRC) tool.
  • Track and follow up on Audit and Regulatory recommendations and findings.
• Risk Reporting:
  
  • Provide essential administrative support for TRM monthly governance committees and other senior management meetings and presentations, as necessary.
  • Coordinate documentation gathering for internal and external audits, as well as regulatory examinations.
  • Conduct data analysis and mining required for Head Office and local Key Risk Indicator (KRI) and Key Performance Indicator (KPI) reporting.
• Training and Awareness Program:
  
  • Develop and support Information and Cyber Security training programs for employees, including weekly Information Security awareness sessions for new joiners.
  • Assist in the development and support of platform-wide phishing campaigns and targeted spear-phishing initiatives.

Qualifications:

• Bachelor's degree in Business, Computer Science, Information Security, or a related field.
• 5+ years of experience in Technology Risk or Information Security.
• Previous experience in related areas, such as Information Security and IT Risk & Control functions, is required.
• Prior exposure to industry frameworks (e.g., NIST, COBIT, FFIEC) and regulations (e.g., NY DFS500, EBA/GL/2019/04, NFA).
• Strong technical problem-solving and data analytical skills.
• Proven experience writing clear and accurate content for internal publications, such as training materials, bulletins, and memos.
• Effective teamwork, communication, collaboration, and relationship-building skills.
• Ability to operate across IT functions (U.S., Head Office, and other geographies).
• Strong sense of ownership and drive.
• Excellent organizational, time management, and prioritization skills.
• Certification (or working towards) in CISSP, CISA, CISM, CRISC, or CIA is a plus.
• Strong communication and interpersonal skills, with the ability to engage with employees at all levels, including other geographical platforms.
• Detail-oriented manager with a strong working knowledge of program, portfolio, and project management techniques, processes, and methodologies.
• Ability to work independently while collaborating effectively in teams.
• High degree of integrity and a strong work ethic.
• Commitment to timely follow-through on commitments.
• Capability to navigate and work across departments while understanding and anticipating their constraints.
• Experience in a multicultural environment is preferred.
• Proficiency in MS Excel, PowerPoint, and Word is required; familiarity with RSA Archer is a plus.

Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law.

Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firms EEO program by taking steps to promote EEO in all facets of employment including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities.

The salary range for this Vice President position will be between $160,000 - $185,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance

Profil et comptences requises

Technology Risk Management