Director IT and Data Risk Management
Mountain America Credit Union, Sandy, Utah, United States, 84092
# **Please reference the schedule and minimum qualifications listed below before applying.**If you need assistance with filling out our application form or during any phase of the application, interview, or employment process, please notify our Human Resources Team at 801-366-6947 option 1 or email macurecruiting@macu.com and every reasonable effort will be made to accommodate your needs in a timely manner.# **Job Summary**The Director of IT and Data Risk Management provides second line of defense oversight for technology and data-related risk domains. Reporting to the VP of IT, Cyber, and Data Risk Management, this role is responsible for maturing the credit union’s IT risk governance practices and building a scalable, sustainable second line data risk and governance program from the ground up. This leader ensures alignment with the enterprise risk framework, regulatory guidance, and business objectives while helping to embed technology and data risk awareness into enterprise decision-making.# **Job Description****LOCATION**Mountain America Center - Hybrid:9800 S Monroe St
Sandy, UT 84070**SCHEDULE**Full TimeTo be effective, an individual must be able to perform each job duty successfully.**IT Risk Governance*** Oversee the credit union’s second line IT Risk Management Framework, including risk assessments, issue oversight, control testing strategy, and governance documentation.* Evaluate and provide challenge to first line practices related to system change management, software development, platform resilience, vendor platforms, and IT operations.* Collaborate with IT and ERM to define key risk indicators (KRIs), support risk appetite alignment, and develop enterprise reporting for IT risk themes.**Data Risk and Governance Development*** Lead the build-out of the second line enterprise Data Risk Governance Program, defining policies, roles, standards, and escalation protocols.* Establish risk-based processes for data classification, quality, lineage, privacy, lifecycle management, and metadata governance.* Partner with data owners, stewards, and business units to integrate risk controls into data handling and analytics processes.* Collaborate with Legal, Privacy, and Compliance teams to support regulatory readiness for data usage, access, and storage requirements.**AI Governance*** Lead the design and implementation of a comprehensive AI governance program that establishes policies, controls, and oversight mechanisms to ensure responsible development and deployment of AI across the organization.* Coordinate cross‑functional stakeholders—including legal, compliance, data, security, and business leaders—to identify, assess, and mitigate AI‑related risks and ensure alignment with regulatory, ethical, and organizational standards**GRC Integration and Risk Reporting*** Contribute to the development and automation of technology and data risk processes within the credit union’s GRC platform.* Manage reporting routines, issue escalation protocols, and regulatory documentation for IT and data risk domains.* Assist in the coordination of regulatory exams and internal audits related to IT governance, operational resilience, and data protection.**Leadership and Strategic Collaboration*** Manage a team of risk analysts or program specialists in support of IT and data risk management objectives.* Serve as a trusted advisor across business units and risk domains, building consensus and driving a proactive risk culture.* Influence the design and adoption of sustainable governance practices for emerging technologies, including AI, cloud services, and automation.## KNOWLEDGE, SKILLS, and ABILITIESThe requirements listed are representative of the knowledge, skills, and/or abilities required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.**Education and Experience*** Bachelor’s degree in information technology, Risk Management, Data Analytics, or related field.* 8+ years of experience in IT risk, data governance, or enterprise risk within a financial institution or regulated entity.* 3+ years in a related leadership role, governance focus preferred* Strong working knowledge of IT governance frameworks such as COBIT, NIST RMF, ITIL, and data governance best practices.* Strong working knowledge of AI governance frameworks and regulations such as NIST AI Risk Management Framework, EU AI Act, US-state laws regulating AI systems, and ISO 42001.* Experience with data governance tools or metadata platforms (e.g., Cyera, Collibra, Informatica).* Familiarity with data privacy regulations and standards (e.g., GLBA, CCPA, ISO/IEC 38505).**Licenses, Certifications, Registrations*** Certifications such as CISSP, CRISC, CISA, CDPSE, CGEIT, or equivalent.**Knowledge and Skills*** Prominent knowledge of theory and organizational experience through extensive exposure to complex practices across several different disciplines within IT governance and/or data governance.* Technology Governance Acumen: Deep understanding of IT risk drivers, controls, and operating environments.* Data & AI Governance Vision: Strong foundational understanding of how to stand up and mature data and AI governance capabilities.* Strategic Execution: Skilled at translating risk vision into phased implementation plans and metrics.* Credible Challenge: Ability to raise concerns, recommend alternative strategies, and influence decision-making across departments.* Collaboration and Communication: Engages diverse stakeholders and communicates risk insights with clarity and confidence.* Leverages knowledge of trends in profession and/or specialized areas to influence strategy**Leadership and Organization Development*** Creates a sense of urgency and accountability in delivering objectives and a culture which fosters innovation and creativity* Develops multifunctional leadership* Coaches individuals to reach full potential, builds coaching capability in others* Helps orchestrate talent development & movement across the business unit or function* Leads Work effectively & regularly across functions* Responsible for effectiveness of team(s) and performance results**Scope and Strategic Impact*** Responsible for a business process in a function of notable risk and complexity* Directs multiple related teams or function with significant and critical organization-wide impact* Operates with autonomy on operational matters, accountable to BU Leadership* Limited to no revenue generation responsibilities* Has budget responsibility* Actively develops strategic plan for the function or business processes with VP* Sets objectives for self and/or a team/project members* Delivers the results that have a tangible impact for function or business process* Adapts strategy to changing conditions* Identifies external threats and opportunities and adapts strategy to changing conditions* Strategic planning horizon generally 1 - 3 years* Actively participates in building BU plan**Analytical Thinking & Problem Solving*** Applies company level financial and economic perspectives to decision making and problem solving* Gathers and analyzes information at an expert level* Manages the resolution of complex or unusual business problems* Applies analytical thinking, problem identification and solving and decision making* Implementation of solutions requires a medium-term view## PHYSICAL ABILITIES / WORKING CONDITIONS**Physical Demands**Ability to sit, talk and hear consistently**Vision Requirements**Close vision (clear vision at 20 inches or less)Distance vision (clear vision at 20 feet or more)Color vision (ability to identify and distinguish colors)**Weight Lifted or Force Exerted**Ability to lift up to 10 pounds frequently and up to 25 pounds occasionally**Environmental**There are no unusual environmental factors (such as a typical office)**Noise #J-18808-Ljbffr
Sandy, UT 84070**SCHEDULE**Full TimeTo be effective, an individual must be able to perform each job duty successfully.**IT Risk Governance*** Oversee the credit union’s second line IT Risk Management Framework, including risk assessments, issue oversight, control testing strategy, and governance documentation.* Evaluate and provide challenge to first line practices related to system change management, software development, platform resilience, vendor platforms, and IT operations.* Collaborate with IT and ERM to define key risk indicators (KRIs), support risk appetite alignment, and develop enterprise reporting for IT risk themes.**Data Risk and Governance Development*** Lead the build-out of the second line enterprise Data Risk Governance Program, defining policies, roles, standards, and escalation protocols.* Establish risk-based processes for data classification, quality, lineage, privacy, lifecycle management, and metadata governance.* Partner with data owners, stewards, and business units to integrate risk controls into data handling and analytics processes.* Collaborate with Legal, Privacy, and Compliance teams to support regulatory readiness for data usage, access, and storage requirements.**AI Governance*** Lead the design and implementation of a comprehensive AI governance program that establishes policies, controls, and oversight mechanisms to ensure responsible development and deployment of AI across the organization.* Coordinate cross‑functional stakeholders—including legal, compliance, data, security, and business leaders—to identify, assess, and mitigate AI‑related risks and ensure alignment with regulatory, ethical, and organizational standards**GRC Integration and Risk Reporting*** Contribute to the development and automation of technology and data risk processes within the credit union’s GRC platform.* Manage reporting routines, issue escalation protocols, and regulatory documentation for IT and data risk domains.* Assist in the coordination of regulatory exams and internal audits related to IT governance, operational resilience, and data protection.**Leadership and Strategic Collaboration*** Manage a team of risk analysts or program specialists in support of IT and data risk management objectives.* Serve as a trusted advisor across business units and risk domains, building consensus and driving a proactive risk culture.* Influence the design and adoption of sustainable governance practices for emerging technologies, including AI, cloud services, and automation.## KNOWLEDGE, SKILLS, and ABILITIESThe requirements listed are representative of the knowledge, skills, and/or abilities required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.**Education and Experience*** Bachelor’s degree in information technology, Risk Management, Data Analytics, or related field.* 8+ years of experience in IT risk, data governance, or enterprise risk within a financial institution or regulated entity.* 3+ years in a related leadership role, governance focus preferred* Strong working knowledge of IT governance frameworks such as COBIT, NIST RMF, ITIL, and data governance best practices.* Strong working knowledge of AI governance frameworks and regulations such as NIST AI Risk Management Framework, EU AI Act, US-state laws regulating AI systems, and ISO 42001.* Experience with data governance tools or metadata platforms (e.g., Cyera, Collibra, Informatica).* Familiarity with data privacy regulations and standards (e.g., GLBA, CCPA, ISO/IEC 38505).**Licenses, Certifications, Registrations*** Certifications such as CISSP, CRISC, CISA, CDPSE, CGEIT, or equivalent.**Knowledge and Skills*** Prominent knowledge of theory and organizational experience through extensive exposure to complex practices across several different disciplines within IT governance and/or data governance.* Technology Governance Acumen: Deep understanding of IT risk drivers, controls, and operating environments.* Data & AI Governance Vision: Strong foundational understanding of how to stand up and mature data and AI governance capabilities.* Strategic Execution: Skilled at translating risk vision into phased implementation plans and metrics.* Credible Challenge: Ability to raise concerns, recommend alternative strategies, and influence decision-making across departments.* Collaboration and Communication: Engages diverse stakeholders and communicates risk insights with clarity and confidence.* Leverages knowledge of trends in profession and/or specialized areas to influence strategy**Leadership and Organization Development*** Creates a sense of urgency and accountability in delivering objectives and a culture which fosters innovation and creativity* Develops multifunctional leadership* Coaches individuals to reach full potential, builds coaching capability in others* Helps orchestrate talent development & movement across the business unit or function* Leads Work effectively & regularly across functions* Responsible for effectiveness of team(s) and performance results**Scope and Strategic Impact*** Responsible for a business process in a function of notable risk and complexity* Directs multiple related teams or function with significant and critical organization-wide impact* Operates with autonomy on operational matters, accountable to BU Leadership* Limited to no revenue generation responsibilities* Has budget responsibility* Actively develops strategic plan for the function or business processes with VP* Sets objectives for self and/or a team/project members* Delivers the results that have a tangible impact for function or business process* Adapts strategy to changing conditions* Identifies external threats and opportunities and adapts strategy to changing conditions* Strategic planning horizon generally 1 - 3 years* Actively participates in building BU plan**Analytical Thinking & Problem Solving*** Applies company level financial and economic perspectives to decision making and problem solving* Gathers and analyzes information at an expert level* Manages the resolution of complex or unusual business problems* Applies analytical thinking, problem identification and solving and decision making* Implementation of solutions requires a medium-term view## PHYSICAL ABILITIES / WORKING CONDITIONS**Physical Demands**Ability to sit, talk and hear consistently**Vision Requirements**Close vision (clear vision at 20 inches or less)Distance vision (clear vision at 20 feet or more)Color vision (ability to identify and distinguish colors)**Weight Lifted or Force Exerted**Ability to lift up to 10 pounds frequently and up to 25 pounds occasionally**Environmental**There are no unusual environmental factors (such as a typical office)**Noise #J-18808-Ljbffr