Director Info Risk Control Testing
Webster Bank
Southington, Connecticut
This job has expired.
Job Description
If you're looking for a meaningful career, you'll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster's values, these set us apart as a bank and as an employer.
Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!
Job Description Summary:
As a leader in the Information Risk department within Webster ERM Group, the incumbent will contribute to the design, implementation, and
management of all 2nd Line information risk functions, with particular emphasis on technology control assessment and testing. Information
Risk is part of Webster's Independent Risk Management (IRM ) and serves to identify and mitigate all risks associated with Webster
Technology to include Information Technology, Information Security, Strategic, Compliance, and Reputation. The control testing function is
necessary to prepare the Bank for the increased scrutiny and independent risk review expectations under Heightened Standards.
Information Risk Control Testing Function
- Contribute to the development and implementations of Webster's Information Risk control testing methodology, planning, perform testing of controls, reports on results, and provide the key 2nd line functions of effective challenge, monitoring and oversight. This oversight may include the review of control testing and assurance performed by the 1st line of defense.
- Contribute to the development of and adherence to, testing standards that support Internal Audit's reliance upon the work performed by Information Risk.
- Coordinate with 1st and 2nd line groups on testing plans, results/issues reporting, and monitor remediation activities.
Webster Technology Strategic Initiatives
- Provide review and challenge for key initiatives for programs within the CIO Strategic Plan, including self-assessments, Enterprise Risk Assessment responses, and Issues Management
- Support initiatives assigned to Information Risk, as well as aspects of other initiatives (for example, the risk and controls inventory, risk and control self-assessments (RCSAs) and SOC2 report and controls review and challenge, etc. )
- Contribute to the development and maintenance of information technology policies and standards and contribution to the Information Technology Risk Appetite Statement
- Monitor Regulatory requirements and changes and ensure alignment with Policies and Standards
- Monitor and review the design, implementation, and execution of the Enterprise Risk Management framework within Webster Technology and lead the integration/connection between 1st, 2nd, and 3rd lines.
- In collaboration with IT process owners, lead the identification of material risks associated with Webster Technology activities, and the monitor the establishment of necessary operating procedures and technical standards to mitigate these risks while complying with policies and standards.
- Provide independent facilitation, review and challenge of self-assessment processes (RCSA), control testing, KPI and KRI development and reporting.
- Implement the inventory of technology risks and controls.
- Assist in defining enterprise-wide risk appetite for appropriate risk types and own associated controls objectives inventory.
- Review, challenge, and synthesize the results of integrated and automated Webster Technology risk reporting processes to enable firm-wide aggregation of material risks, issues, KRIs and other data as may be required. Contribute to and advise on the development of reports through appropriate committees, (IRC, ERMC, Risk Committee).
- Take a lead role in building out the IRC committee to expand the impact and interaction with LOBs on technology issues, emerging risks, and topics
- In partnership with legal and compliance, monitor for new legal requirements and communicate across Webster Technology as required. Monitor progress toward implementation.
- Support regulatory exams in Webster Risk and Technology organizations. Review process owners' documentation prior to submission to Regulators in response to requests.
- Experience in the testing of technology controls, documenting gaps (issues), and assessing the design of associated remediation activities/controls, validating the effectiveness of remediation activities.
- Ability to plainly describe complex technology risk concepts to first line operational personnel.
- Synthesis of complex and potentially conflicting data into simple, actionable reporting.
- Familiarity with technology and information security, and an aptitude for learning emerging technologies and how regulatory requirements may evolve.
- Strong written and verbal communication skills -- ability to collaborate and communicate up/down and across the organization with all levels of internal/external partners.
- Ability to resolve conflicting opinions without compromising high quality risk management.
- Bachelor's degree.
- 5+ years of experience in Risk or Audit functions, preferably in a banking environment.
- CISA, or other auditing or risk management certification is desired.
#LI-BY1
#LI-HYBRID
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
This job has expired.
Get Hired Faster
Subscribe to job alerts and upload your resume!
*By registering with our site, you agree to our
Terms and Privacy Policy.
More Banking jobs
|
|
|
|
|
|