Overview
On Site
Full Time
Skills
IT Operations
Configuration Management
Collaboration
Continuous Improvement
Risk Management
Management
Leadership
Documentation
Reporting
IT Risk
Regulatory Compliance
Strategic Management
Disaster Recovery
Data Governance
Change Management
Decision-making
Information Technology
Computer Science
CISA
ISACA
IT Risk Management
Cyber Security
Testing
Auditing
SAP GRC
Finance
FFIEC
Job Details
Position Overview
This role is responsible for leading second-line oversight of enterprise-wide Information Technology Risk Management (ITRM). The position encompasses governance and strategic alignment of IT and cybersecurity functions, oversight of IT operations, change and configuration management, and the broader governance, risk, and compliance (GRC) landscape. The individual will collaborate closely with first-line technology risk teams to provide independent challenge and guidance on control design, implementation, and risk mitigation strategies across major IT and cybersecurity initiatives.
The role also includes evaluating the effectiveness of IT and IS controls through substantive testing and contributing to the continuous improvement of risk management practices and frameworks.
Key Responsibilities
Serve as a second-line advisor and challenger to first-line IT and cybersecurity teams on risk and control matters.
Oversee the implementation and maintenance of IT risk management practices across operational, security, and change management domains.
Support the enterprise adoption and integration of GRC platforms, promoting consistent usage and reporting across stakeholders.
Provide subject matter expertise on IT risk management, tailoring guidance to specific business platforms and operational contexts.
Contribute to the development of enterprise IT risk appetite statements and ensure alignment with business objectives.
Produce regular reports on IT risk posture, control effectiveness, and emerging risk themes for senior leadership and governance bodies.
Review and assess IT and cybersecurity control frameworks, documentation, and compliance reporting.
Analyze audit findings, regulatory feedback, and client assessments to identify systemic risk issues and recommend solutions.
Establish monitoring mechanisms to ensure adherence to IT risk policies, standards, and frameworks.
Conduct independent testing of IT general controls and application controls to validate design and operational effectiveness.
Advise on remediation strategies for control gaps and non-compliance areas.
Provide ongoing governance and strategic direction for IT risk management across the organization.
Engage with cross-functional leaders in areas such as disaster recovery, infrastructure, data governance, vendor risk, and change management to inform risk oversight.
Build and maintain strong relationships with business units to support risk-informed decision-making for new initiatives and projects.
Maintain and update second-line owned IT and cybersecurity policies and standards through periodic reviews.
Qualifications
Education:
Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field preferred.
Professional certifications such as CISA, CRISC, or equivalent are highly desirable.
Experience:
Minimum of 5 years in IT risk management, cybersecurity audit, or related roles within regulated industries.
At least 3 years of experience in IT control testing or audit functions.
Strong understanding of IT GRC frameworks and control environments.
Familiarity with regulatory expectations and industry standards, particularly those relevant to financial institutions (e.g., FFIEC, FDIC, CFPB).