Job Summary: The Technology Risk Assessment Lead is responsible for overseeing operational and risk strategy programs within the IT segment.
This role involves direct self-monitoring and proactive testing through periodic risk assessments. The Technology Risk Assessment Lead evaluates the effectiveness of controls, escalates issues as needed, and ensures the administration of operational and regulatory risk strategy programs across multiple IT segments.
Additionally, they assess the adequacy and effectiveness of enterprise and regulatory controls, including risk and control self-assessments.
Timely escalation of critical issues to senior management is a key responsibility. The Technology Risk Assessment Lead collaborates with Audit, Corporate IT Risk, and Segment CIO leadership teams to address challenges and develop action plans.
They serve as the central point for receiving and distributing important risk information within the business segment and deliver periodic risk updates to segment leadership teams.
Ensuring adherence to corporate and business unit policies and procedures is essential.
Detailed Description:
- Risk Assessments: Engage with project and segment teams to perform risk assessments for high-priority IT systems in development.
Serve as the voice of risk during these assessments.
- Security and Control Requirements: Partner with project teams to communicate security and control requirements. Provide oversight and support to determine if these requirements are met throughout the development cycle, escalating concerns when necessary.
- Stakeholder Relationships: Collaborate with the Technology Segment Risk Manager, Senior, to build and maintain relationships with key stakeholders involved in the pre-deployment risk assurance program.
This includes the Technology Segment Risk Officer (SRO), the broader Technology Risk team, the IT Project Management Office, Enterprise Architecture, Information Security, regulators, and Internal Audit.
- Periodic Risk Updates: Develop and deliver periodic risk updates to segment leadership teams through monthly segment operational reviews.
- Issue Resolution: Work closely with Audit, Corporate IT Risk, and Segment CIO Leadership teams to address issues promptly.
Develop action plans and target dates to remediate root causes.
- Committees and Oversight: Participate in the Technology Risk Committee and other governance groups as assigned.
- Risk Assessment Universe: Maintain the universe of risk assessments across Cyber and Enterprise IT. Ensure alignment with FFIEC guidance, coordinate schedules with regulatory and audit calendars, and collaborate with Delivery and Risk Partners to track progress against the schedule.
Ensure appropriate coverage of risk assessment domains over a defined time period.