Who We Are

Cross River is a highly profitable, fast-growing financial technology company powering the future of financial services. Our comprehensive suite of innovative and scalable embedded payments, cards, and lending products deliver financial services for millions of businesses and consumers around the globe. Cross River is backed by leading investors and serves the world’s most essential fintech and technology companies. Together with its partners, Cross River is reshaping global finance and financial inclusion. 

We are on a mission to build the infrastructure that propels access, inclusion, and the democratization of financial services. While our company has tripled in size over the last three years, our strong sense of purpose led Cross River to be named to American Banker’s list of Best Places to Work in Fintech for the last 6 years. The reason for this success is simple – our nimble and collaborative family culture lives in every member of our growing team. Together we are at the forefront of technology and innovation, and we invite passionate, collaborative, and motivated high performers to join our expanding team.

What We’re Looking For

Cross River’s Operational Risk Management Group provides a structured approach for identifying, assessing, monitoring, and reporting the risks faced by the Bank in the execution of strategic objectives. It provides an independent assessment framework that drives effective, risk-based decision making, and firm-wide governance structures that support an enterprise-wide approach to risk management, and as Head of Information Technology Risk Management you will play a key role in facilitating the successful execution of the entire 2^nd Line IT Risk function.

The candidate must be self-motivated, results-driven, have a proven ability to build and execute risk assessment programs and manage key internal relationships across the Bank.  Reporting to the Head of Operational Risk, you will work directly with the Head of Operational Risk Management, Chief Technology and Chief Information Security teams to facilitate risk assessment and risk management processes across all functions and products. This position will establish the independent IT Risk Management program baseline including target operating models, assessment policies and procedures, while providing independent review and challenge over the Bank’s information technology functions. Must have experience owning, building, and operating a full-scale technology risk program.

Responsibilities:

• The key objectives for this Head of Information Technology Risk Management position include providing 2^nd line oversight and governance:
• Defining program standards, policies, and tools for identifying, assessing, and monitoring technology related risks across the bank.
• Maintains oversight of the front-line remediation efforts for information security / cyber security exposures, gaps, and deficiencies on technology infrastructure.
• Defines testing methodologies and processes for information security / cyber security risks associated with technology infrastructure
• Performs independent review and challenge of business unit information security / cyber-related risk assessment and technology related activities outputs for technology infrastructure and where applicable, conducts annual cyber security assessment exercises (i.e. FFIEC CAT).
• Review and challenge existing technology assessments and control ratings. Provide recommendations for continuous improvement.

Qualifications:

• Bachelor’s degree in Information Technology, Cyber Security, or related field
• 10-15 years of firsthand experience in a technology related position for a financial services firm including program building and execution
• Minimum 8 years of experience with information technology risk, cybersecurity, technology risk and control self-assessments, vulnerability management, security architecture, network and security tools administration as required.
• Minimum of 5 years of experience managing a cross-functional team
• Strong understanding of general risk and control management concepts including assessment planning, control testing, risk and control self-assessment execution.
• Deep understanding of the financial services industry regulations and technology risk management standards and best practices (e.g., FFIEC, GLBA, NIST, ISO, COBIT, ITIL, PCI) is required.
• Exceptional verbal and written communication skills and the ability to partner effectively with all levels of the organization. Executive presence is key to being effective in this role so must have experience creating executive level reports and presenting to Sr. Management, Boards, and large stakeholder groups.
• At least one Certification is required of the following CISA/CISSP/CRISC/CISM or IT

#LI-JJ1 #LI-Hybrid #LI-Onsite 

Salary Range: $190,000.00 - $210,000.00