VP of IT - Operational and Vendor Risk Management
New York, NY
Unique and Very Attractive Pay Structure.
Comprehensive Benefit and Retirement Programs
Location: New York, NY – walking distance to Grand Central Station
Our client is one of the oldest banks in NYC. They are currently going through a significant update in all of their technology and are looking for a VP of Information Technology to handle Operational and Vendor Risk Management.
You will be working with a group of dedicated and smart professionals all focused on a common goal, to create an exceptional environment of work-life balance. They have a unique and attractive pay structure as well as a management-friendly atmosphere where everyone enjoys their job. Unusual to find in NYC.
This position reports to the Head of Operational Risk and provides the second line of defense oversight and effective challenge for all non-financial risks. The individual will support the Head of Operational Risk to execute the operational risk framework including but not limited to the risk and control self-assessment (RCSAs) process, control testing, key risk indicators, incident loss data reporting, etc. The individual will support the execution of risk management activities by identifying, quantifying, reviewing, evaluating, and measuring risk to ensure all risk categories are identified and managed or mitigated in accordance with regulatory compliance and audit requirements. The individual will also be establishing IT risk and third-party vendor risk management programs.
Manage relationships with Technology, Third and Fourth Party Vendor Management, Business Continuity/Disaster Recovery, etc.
Assist leadership in the implementation of ORM initiatives (new and ongoing) in various stages to business as usual (BAU), including Incident Reporting, Control Testing, Issue Management, Scenario Analysis, New Product Committee, etc.
Identify, evaluate and monitor IT risks across the project life cycle through collaboration with key stakeholders and service delivery organizations to ensure project and operational risks are appropriately assessed and addressed
Provide subject matter expertise in the areas of information security, cybersecurity, business resiliency and IT risk management and develop related risk analysis for management
Execute the RCSAs including facilitating workshops and documenting key risks and controls, and action plans to remediate control gaps
Manage Incident Loss Data and post-incident reviews (internal and external), including root cause analysis of significant fraud and other risk events
Monitor and manage the Control Testing program, and perform control testing validation and oversight as it relates to IT and 3rd party vendors
Partner with management to identify applicable Key Risk Indicators and to coordinate root cause analysis, action plan development and implementation of needed updates
Perform ongoing monitoring of risks and controls and partner with the business to self-identify issues for tracking of issues and remediation plans
Facilitate, coordinate, and review risk documentation, such as policies, procedures, etc.
Prepare presentation materials for the firm's various risk governance committees, new product committee, working groups, and internal meetings
Assist leadership in managing and communicating progress internally and externally
Qualifications or Who Will Be a Great Fit?
8-10 years of experience in information technology, business resiliency, risk management, operations, project management, audit, compliance, or a related role in the commercial banking or financial services industry.
Applicable certifications in risk management related to IT risk
Strong understanding of third-party and fourth-party vendor risk (what tools are the third parties using that could affect the bank's information?).
Strong knowledge of compliance laws, rules, regulations, risks, and controls (BSA/AML, etc.).
Experience with Incident Reporting and GRC tools
Involvement in a technology conversion project is a big plus