Director of Information Technology Risk

The Director of Information Technology Risk will be responsible for providing strategic leadership, expert guidance, credible challenge, and effective oversight of Information Technology—excluding cybersecurity—within the Second Line of Defense (2LOD) Enterprise Risk Management (ERM) function.

This individual will shape and lead the Bank’s non-cyber IT risk management program by establishing frameworks, standards, and governance for identifying, assessing, monitoring, and reporting on technology-related risks across infrastructure, applications, platforms, IT operations, processes, governing/oversight bodies, and change management activities. This is a highly visible role requiring extensive engagement with technology leadership, business executives, auditors, and regulators.

This role will require an individual with deep technology knowledge in Risk & Controls, 2LOD structure and oversight methods, exceptional relationship management, communication, and influencing skills at all levels.  This role will work closely with first line technology, operations, and business teams, as well as audit and regulators.

• Develop, implement, and enhance the enterprise-wide 2LOD risk oversight framework for IT Risk (excluding Cybersecurity), ensuring alignment with regulatory expectations, business strategy, and risk appetite.
• Provide credible challenge in all subjects, areas, and processes of Information Technology
• Lead independent identification and assessment of IT risks and issues related to system availability, data integrity, change management, application development, technology resiliency, configuration management, IT service management, and infrastructure modernization.
• Establish a strong, collaborative engagement model with First Line of Defense (1LOD) technology functions to assess control effectiveness, provide credible challenge, and support proactive risk mitigation strategies.
• Represent ERM as the Information Technology Subject Matter Expert in senior forums, governance committees, and working groups related to IT, developing a positive working relationship with internal clients, staff, peers, and senior management. Ensure timely escalation and reporting of emerging and material IT risks, control issues, and incidents.
• Provide 2LOD risk oversight for major technology initiatives including cloud transformation, platform and process modernization, automation efforts, and technology resilience planning.
• Conduct and manage robust review and challenge process for enterprise-wide technology controls assessments, including evaluating evidence of existing controls, identifying significant control deficiencies, assessing adequacy of proposed remediation to address deficiencies, and monitoring remediation to closure.
• Define and track key risk indicators (KRIs) and risk appetite metrics for information technology risk.
• Establish policies, standards, and procedures aligned with the Bank’s risk appetite, regulatory expectations, and industry best practices.
• Provide risk advisory input and sign-off on significant technology changes, IT project risk assessments, new systems implementations, and business technology initiatives.
• Influence control owners and other stakeholders to build consensus on risk mitigation and remediation strategies.
• Perform other duties and special projects as assigned.

• 15+ years of direct, related experience in Risk Management, Information Security or Technology.
• Demonstrated experience developing and executing 2LOD risk programs across complex IT environments.
• Deep understanding of technology infrastructure, platforms, application development, IT operations, and change management lifecycle.
• Strong knowledge of banking operations and technology regulatory requirements (e.g., FFIEC IT Handbook, NIST, OCC Heightened Standards).
• Exceptional communication and influencing skills, with the ability to engage senior technology leaders, regulators, and internal audit.
• Strong analytical skills and ability to manage multiple priorities in a fast-paced environment.
• Experience leading or overseeing risk functions within financial institutions is strongly preferred.
• Knowledge of general banking operations, including deposit operations, loan administration, treasury management and/or other commercial banking products and services. 
• Highly organized and efficient; ability to balance and manage multiple projects concurrently.
• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.