The Enterprise Technology & Security (ETS) Risk Director directs a team of risk professionals, developing comprehensive risk management strategies, and ensuring the organization's technology risk practices are robust, effective, and aligned with industry standards and regulatory requirements. This executive-level position provides strategic leadership over a dedicated ETS risk function, setting the direction for risk identification, assessment, and mitigation across the bank's technology and security domains. The Director serves as a key advisor to senior leadership on technology risk matters, drives the maturation of the enterprise risk framework, and maintains strong relationships with regulators, audit, and governance bodies.

• Lead and oversee the Technology Risk Management function, providing strategic direction to a team of risk professionals and fostering a culture of accountability, excellence, and continuous improvement.

• Develop, implement, and continuously evolve a comprehensive technology risk management strategy and framework aligned with enterprise risk appetite, regulatory expectations, and industry best practices.

• Oversee the identification, assessment, monitoring, and reporting of technology and security risks across systems, applications, infrastructure, and processes.

• Serve as the primary executive liaison for regulatory examinations, internal audits, and supervisory engagements related to technology and security risk, ensuring effective coordination and high‑quality outcomes.

• Define and maintain technology risk policies, standards, control libraries, and assessment methodologies to support consistent and scalable risk management practices.

• Partner with senior technology leaders, business executives, compliance, audit, and governance teams to embed risk management into strategic planning and decision‑making.

• Provide clear, actionable, executive‑level risk reporting and insights to the Risk Committees and senior management, translating complex risk landscapes into strategic guidance.

• Oversee the portfolio of risk findings, regulatory commitments, and corrective action plans, driving timely, effective, and sustainable remediation.

• Lead oversight of Third-Party Risk Management for the organization’s technology and security critical service provider relationships.

• Monitor industry trends, emerging threats, and regulatory developments to proactively adjust the organization’s risk posture.

• Champion a strong risk‑aware and risk‑informed culture across the technology organization through education, engagement, and communication.

Cloud & Modern Engineering Platforms

• Working knowledge of cloud services and architectures (AWS and Azure preferred), including shared responsibility models, identity and access management, and cloud‑native security controls.

• Experience assessing risk in DevSecOps, CI/CD pipelines, containerized workloads (Docker/Kubernetes), and infrastructure‑as‑code environments.

Infrastructure, Platform & Engineering Risk

• Strong understanding of enterprise infrastructure platforms, including Windows, Linux (RHEL), virtualization (VMware), databases, middleware, and core network services.

• Experience evaluating end‑of‑life (EOL) / end‑of‑support (EOS) risk, technical debt, and remediation prioritization across large engineering estates.

Cybersecurity & Resilience

• Hands‑on familiarity with vulnerability management, platform hardening, secure configuration standards, and threat remediation prioritization.

• Experience with technology resilience, including BCP/DR, cyber recovery, data protection, backup strategies, and resiliency testing.

• Ability to translate engineering and cyber risks into business impact, service disruption, regulatory exposure, and customer risk.

Risk Frameworks & Governance

• Deep experience with enterprise technology risk management routines, including RCSAs, issue management, risk assessments, targeted reviews, and control testing.

• Working knowledge of regulatory and risk frameworks relevant to financial institutions (FFIEC, NIST, ISO, COBIT, COSO, CRI).

• Proven ability to synthesize large volumes of technical risk data into clear, prioritized executive‑level insights.

Required:

• 12+ years of progressive experience in IT risk management, information security, or internal audit, including 5+ years in a senior leadership role.

• Demonstrated executive leadership experience, including building and developing high-performing risk teams in complex, regulated environments.

• Comprehensive expertise in risk frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and ITIL, with a track record of applying them at an enterprise scale.

• Deep familiarity with regulatory expectations and supervisory frameworks applicable to regional banks (OCC, Federal Reserve, FDIC).

• Exceptional communication and influencing skills; proven ability to present risk strategy and findings to Board-level and executive audiences.

• Experience leading large-scale regulatory examinations, audit engagements, and enterprise-wide corrective action programs.

• Proven ability to set strategic direction, manage organizational priorities, and deliver results in a fast-paced, evolving environment.

Preferred:

• Prior experience as a risk director or equivalent executive in a federally regulated financial institution.

• Track record of building or transforming enterprise-level technology risk programs.

• Strong network within the financial services risk and technology community.

• Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required; Master's degree (MBA, MS in Cybersecurity, or equivalent) strongly preferred.
• One or more of the following certifications are preferred:
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)

Hours & Work Schedule

• Hours per Week: 40
• Work Schedule: Monday-Friday
• Hybrid: 4 days per week onsite, 1 day remote

#LI-Citizens1