Description
Summary:
As a leader in the Information Risk department within Webster’s Operational Risk Management (ORM) function, the candidate will contribute to the design, implementation, and management of 2nd Line information risk functions, with particular emphasis on technology control assessment and testing.
Information Risk serves to identify and mitigate risks associated with Webster Technology, including Information Technology, Information Security, Strategy, Compliance, and Reputation.
Information Risk Control Testing Function
Contribute to the development and implementation of Webster’s Information Risk control testing methodology, standards, and planning.
Perform testing of controls, report results, and provide the key 2nd line functions of effective challenge, monitoring, and oversight.
This oversight includes the review of control testing and assurance performed by the 1st line of defense.
Coordinate with 1st and 2nd line groups on testing plans, results / issues reporting, and monitor remediation activities.
Additional duties may include contribution to the following processes:
Review and challenge of key initiatives and programs within the CIO Strategic Plan, including self-assessments, Enterprise Risk Assessment responses, and Issues Management
Development and maintenance of information technology policies and standards and contribution to the Information Technology Risk Appetite Statement
Regulatory requirements monitoring and alignment of Policies and Standards
Independent facilitation, review and challenge of self-assessment processes (RCSA), control testing, SOC2 reports, KPI and KRI development and reporting.
Support regulatory exams in Webster Risk and Technology organizations. Review documentation prior to submission to Regulators in response to requests.
Experience and Education:
Experience in the testing of technology controls, documenting gaps (issues), assessing the design of associated remediation activities / controls, and validating the effectiveness of remediation activities.
Ability to plainly describe complex technology risk concepts to first line operational personnel.
Synthesis of complex and potentially conflicting data into simple, actionable reporting.
Familiarity with technology and information security, and an aptitude for learning emerging technologies and how regulatory requirements may evolve.
Strong written and verbal communication skills; ability to collaborate and communicate up / down and across the organization with all levels of internal / external partners.
Ability to resolve conflicting opinions without compromising high quality risk management.
Bachelor’s degree.
5-10 years of experience in Risk or Audit functions, preferably in a banking environment.
CISA, CRISC or other auditing or risk management certification is desired.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.