Technology Risk Manager

POSITION OVERVIEW

This role is accountable for leading second line oversight of enterprise wide IT and Information Security risk practices. Responsibilities include governance of IT strategy, operations, cybersecurity, change and configuration management, and overall GRC (Governance, Risk, and Compliance) alignment. The position partners closely with first line technology and control teams to provide independent challenge, support control design, and evaluate risk across major IT and IS initiatives. The role also contributes to the development and execution of control testing, policy refinement, and risk reporting to senior governance bodies.

KEY RESPONSIBILITIES

• Serve as a second line advisor and challenger to first-line teams on IT risk, control design, and remediation strategies.
• Provide oversight across the IT Risk Management Framework, including areas such as infrastructure, change management, and cybersecurity.
• Support the implementation and continuous improvement of the enterprise GRC platform, promoting adoption across business units.
• Deliver subject matter expertise on IT risk and control practices, tailored to the unique needs of different business platforms.
• Contribute to the development of the enterprise IT risk appetite and ensure alignment with business objectives.
• Produce regular reporting on IT risk posture, control effectiveness, and emerging risk themes for executive and board level audiences.
• Review and assess IT and IS control documentation, audit findings, and regulatory feedback to identify trends and recommend solutions.
• Establish monitoring routines to ensure compliance with IT risk policies, standards, and frameworks.
• Conduct second line control testing to evaluate the design and operational effectiveness of general and application level IT controls.
• Advise on remediation strategies for control gaps and provide credible challenge on risk mitigation plans.
• Collaborate with IT, Security, Infrastructure, and Business Continuity leads to ensure risk is appropriately managed across domains.
• Maintain strong relationships with business and technology stakeholders to provide risk guidance on new initiatives and projects.
• Own and maintain second line IT and IS policies and standards, including annual reviews and updates.

QUALIFICATIONS

Education:

• Bachelor's degree in Computer Science, Information Security, or a related field preferred.
• Professional certifications such as CISA, CRISC, or equivalent are strongly preferred.

Experience:

• 5+ years of experience in IT Risk, Information Security, or Audit within financial services.
• 3+ years of hands-on experience with IT control testing or IT audit.
• Strong understanding of IT GRC frameworks and regulatory expectations (FDIC, CFPB, FFIEC, etc.).

Skills & Competencies:

• Strategic thinker with a deep understanding of IT risk in a financial services context.
• Excellent communication skills, with the ability to tailor messaging to both technical and non-technical audiences.
• Proven ability to build strong cross-functional relationships and influence stakeholders at all levels.
• Skilled in Microsoft Excel, PowerPoint, and data-driven reporting.
• Demonstrated ability to manage projects and drive initiatives to completion.