Director Technology amp Cybersecurity Risk Operations Oversight

Profile

Director, Technology & Cybersecurity Risk Operations Oversight

The candidate develops and matures the Technology and Cybersecurity Risk Oversight program to support a team of risk professionals executing the program. Promotes an organizational culture that encourages acknowledgement and recognition of operational risks and places a high priority on risk management. Partners with the LOB to develop an assessment, testing and remediation process for the operational risk management program supported by a horizontal team collaboration process. Reports directly to the Senior Director and Head of Technology and Cybersecurity Management Oversight. Leads a group of operational risk professionals who work directly with the assigned Lines of Business (LOBs) to educate and communicate risk policies and programs, identify risks, develop assessments, provide input over controls and testing, advise on and monitor remediation activities and create reporting. Assigns Lines of Business are: Enterprise Technology Services, Enterprise Security Services, Enterprise Business Technology and Service Digitization, Commercial Bank and Enterprise Payments Technology and Operations and Consumer, Digital, and Investment Technology and Services. Assists in developing an enterprise-wide approach to technology and cybersecurity risk management, which focuses on educating line of business partners and identifying, measuring, mitigating, monitoring, and reporting operational risks. Monitors compliance with operational risk policies and standards by working with the LOB to integrate operational risk control self-testing into a comprehensive control self-testing program that performs regular and comprehensive risk assessment and testing, identifies gaps and deficiencies, and formulates response strategies for corrective action. Proactively advises front line business units on applicable operational risk standards, including keeping up-to-date with developments in the applicable laws, rules, standards and industry practices. Proactively works with assigned business unit management to identify and assess the operational risks associated with business activities, ensuring alignment with the Corporate Operational Risk Framework, advising LOBs on operational risks and controls and key risk indicators, advising LOBs on operational risks related to new products and/or services and business initiatives, advising LOBs on operational risks related to outsourced third-party activities and identifying aggregate risk across LOBs. Ensures a sound understanding of business strategy, business processes and associated risks for assigned business units. Monitors and facilitates changes in business processes necessary to meet regulatory changes and mitigate operational risk exposure to Key, taking into consideration peer practices related to Operational Risk. Proactively evaluates operational risk reporting (metrics, loss events, findings, remediation plans, etc.), internal and external research, including leveraging peer benchmarks to identify current and emerging risk issues and develop effective response strategies to address identified risks/gaps. Provides information for analysis and reporting on operational risks, including changes to risk profiles, exposure and loss events, risk metrics performance, control testing results, remediation plans and status, peer benchmarks, external events and emerging risks. Assesses the appropriateness of and works with assigned LOBs where warranted on developing and/or enhancing internal procedures and guidelines to comply with corporate Operational Risk appetite, tolerances and policies. Presents operational risk reports (Enterprise-wide and LOB specific) to Senior Management and Risk Committees. Maintains constructive interaction with regulators. Acts as liaison with regulators and other internal or external auditors on matters concerning the corporation’s operational risk program. Organizes and monitors interaction between the 1st Line of Defense and regulators. Coordinates reporting to regulators and review final responses to external examinations, requests for information a regulatory and legal inquiries. Works closely with executives of other major risk category executives (e.g., Credit, Compliance, Market, Model, Reputation, and Strategic) and 1st LOD to ensure an effective Technology and Cybersecurity Risk culture. Works with LOBs and other corporate initiatives to reduce operational risk losses. Acts as Operational Risk Subject Matter Expert on assigned Subcommittees and/or Working Groups. Escalates promptly to appropriate senior management or appropriate risk committee any material breaches of applicable laws, rules, policies or standards with actual or potential operational risk impact, and necessary correction action. Effectively manages assigned human capital, ensuring acceptable employee engagement levels, providing sound direction, active coaching and development, and performance management of assigned employees. Represents Key in the community/industry though leadership involvement. Participate in periodic assignments related to the constantly changing risk management environment. Performs other duties as assigned; duties, responsibilities and/or activities may change or new ones may be assigned at any time with or without notice. Complies with all KeyBank policies and procedures. Bachelor's Degree is required. Master's Degree Business, in finance, technology, risk, Juris Doctor or other post graduate degree is preferred. Should have 10+ years Work experience in a financial services risk management, audit, accounting or related role. Should have 5+ years Management experience. Deep knowledge and understanding of risks and controls is required. Extensive knowledge and subject matter expertise in managing specified risk in an institutional setting including the related rules and regulations of the financial services industry to include applicable Interagency Guidance or OCC, FRB, state law and other pertinent regulations is required. In-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of regulatory, compliance and legal requirements and operational processes is required. Cloud Computing Environment and Embedded Banking Knowledge is preferred. Key relevant certifications such as CISA, CISSP, CGEIT, CISM, CRISC, CCSP, etc. is preferred.

Additional Information

Job requisition ID: R-15699.

Company info

KeyCorp.
1329 5th St Se
Minneapolis
Minnesota
United States 55414
Website : http://www.key.com