Director of IT/Cyber Risk

Line 2

Updated on 3/27/2023

Locations

Edgewater, NJ, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Management

Communications

Requirements

Bachelor's degree in Information Technology, Cyber Security, or related field
10-15 years of firsthand experience in a technology related position for a financial services firm including program building and execution
Minimum 8 years of experience with information technology risk, cybersecurity, technology risk and control self-assessments, vulnerability management, security architecture, network and security tools administration as required
Minimum of 5 years of experience managing a cross-functional team
Strong understanding of general risk and control management concepts including assessment planning, control testing, risk and control self-assessment execution
Deep understanding of the financial services industry regulations and technology risk management standards and best practices (e.g., FFIEC, GLBA, NIST, ISO, COBIT, ITIL, PCI) is required
Exceptional verbal and written communication skills and the ability to partner effectively with all levels of the organization. Executive presence is key to being effective in this role so must have experience creating executive level reports and presenting to Sr. Management, Boards, and large stakeholder groups
CISA/CISSP/CRISC/CISM or IT related certification is preferred

Responsibilities

The key objectives for this Head of Information Technology Risk Management position include providing 2nd line oversight and governance:
Defining program standards, policies, and tools for identifying, assessing, and monitoring technology related risks across the bank
Maintains oversight of the front-line remediation efforts for information security / cyber security exposures, gaps, and deficiencies on technology infrastructure
Defines testing methodologies and processes for information security / cyber security risks associated with technology infrastructure
Performs independent review and challenge of business unit information security / cyber-related risk assessment and technology related activities outputs for technology infrastructure and where applicable, conducts annual cyber security assessment exercises (i.e. FFIEC CAT)
Review and challenge existing technology assessments and control ratings. Provide recommendations for continuous improvement

Who We Are

At Cross River, we are building the best banking and technology products for Financial Technology partners and clients. As venture-backed pioneers of the platform-based financial services model known as the sponsor bank, or partner bank, we collaborate with our partners to offer products such as payments infrastructure and loan origination services to the latest in regulatory and compliance solutions. Our nimble, adaptive, and risk focused culture is powered by our people, and as a result of their creativity, tech-forward thinking, and collaborative spirit, we continue to experience rapid growth.

What are looking for:

Cross River’s Operational Risk Management Group provides a structured approach for identifying, assessing, monitoring, and reporting the risks faced by the Bank in the execution of strategic objectives. It provides an independent assessment framework that drives effective, risk-based decision making, and firm-wide governance structures that support an enterprise-wide approach to risk management, and as Head of Information Technology Risk Management you will play a key role in facilitating the successful execution of the entire 2^nd Line IT Risk function.

The candidate must be self-motivated, results-driven, have a proven ability to build and execute risk assessment programs and manage key internal relationships across the Bank. Reporting to the Head of Operational Risk, you will work directly with the Head of Operational Risk Management, Chief Technology and Chief Information Security teams to facilitate risk assessment and risk management processes across all functions and products. This position will establish the independent IT Risk Management program baseline including target operating models, assessment policies and procedures, while providing independent review and challenge over the Bank’s information technology functions. Must have experience owning, building, and operating a full-scale technology risk program.

Responsibilities:

The key objectives for this Head of Information Technology Risk Management position include providing 2^nd line oversight and governance:

Defining program standards, policies, and tools for identifying, assessing, and monitoring technology related risks across the bank.
Maintains oversight of the front-line remediation efforts for information security / cyber security exposures, gaps, and deficiencies on technology infrastructure.
Defines testing methodologies and processes for information security / cyber security risks associated with technology infrastructure
Performs independent review and challenge of business unit information security / cyber-related risk assessment and technology related activities outputs for technology infrastructure and where applicable, conducts annual cyber security assessment exercises (i.e. FFIEC CAT).

Review and challenge existing technology assessments and control ratings. Provide recommendations for continuous improvement.

Qualifications:

Bachelor’s degree in Information Technology, Cyber Security, or related field
10-15 years of firsthand experience in a technology related position for a financial services firm including program building and execution
Minimum 8 years of experience with information technology risk, cybersecurity, technology risk and control self-assessments, vulnerability management, security architecture, network and security tools administration as required.
Minimum of 5 years of experience managing a cross-functional team
Strong understanding of general risk and control management concepts including assessment planning, control testing, risk and control self-assessment execution.
Deep understanding of the financial services industry regulations and technology risk management standards and best practices (e.g., FFIEC, GLBA, NIST, ISO, COBIT, ITIL, PCI) is required.
Exceptional verbal and written communication skills and the ability to partner effectively with all levels of the organization. Executive presence is key to being effective in this role so must have experience creating executive level reports and presenting to Sr. Management, Boards, and large stakeholder groups.
CISA/CISSP/CRISC/CISM or IT related certification is preferred.

Cross River is an Equal Opportunity Employer. Cross River does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

Salary Range: $175,000.00 - $190,000.00

#LI-JJ1

Cross River is an Equal Opportunity Employer. Cross River does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

By submitting your application, you give Cross River permission to email, call, or text you using the contact details provided. We will only contact you with job related information.

501-1,000 employees

Website

Financial technology infrastructure solutions

Benefits

Generous parental & leave policies
Completely subsidized health, dental, & vision insurance
Complimentary dry cleaning
On-site haircuts
Endless snacks
Company events

Company Core Values

Authentic
Purposeful
Responsible