Operational Risk Manager - Cybersecurity
Citizens Bank, Johnston, RI, United States
Operational Risk Manager - Cybersecurity
Citizens currently has an opening for a Manager on our Operational Risk Management Oversight team focused on Cybersecurity risk. The role will provide independent oversight, review, and challenge of information security and technology related risks. The colleague works with key stakeholders across the enterprise ensuring material risks within these groups are well defined and managed appropriately. It is expected that this colleague has strong domain knowledge of emerging technology risks, information security standards, best practices, US regulatory requirements, and the external environment.
Responsibilities
This colleague will be focused on the information security and technology space. Primary responsibilities include independent oversight, review, and challenge of risk management activities within the first line of defense, including the effectiveness of the formal risk program activities. Activities include Risk and Control Self-Assessments, Issues Management, Material Risk Identification, Change Management, new business initiative risk assessments, and other formal programs.
Advise first line risk partners on complex risk issues and challenges, while identifying and assessing aggregate enterprise-wide risks. Working with key stakeholders, including all three lines of defense, accelerate emerging risk issues that require remediation and work directly with stakeholders while driving accountability. Maintain strong relationships with all three lines of defense, as well as the regulatory agencies.
Understand the external environment, including emerging risks within the industry and the priorities of the regulatory agencies. Determine how these changes affect the risk profile of the enterprise and work with appropriate stakeholders to ensure mitigation strategies are underway.
Participate in the cybersecurity incident response activities to ensure risks are properly assessed in real time and mitigating actions are appropriate. Post incident, lead or participate in root cause analysis and opine on next steps.
Lead targeted risk assessments on emerging issues to provide an independent opinion on the impact to the enterprise.
Operate within existing governance structures with an eye towards making these processes more efficient and effective. Manage applicable policy and program governance, while performing assurance activities to assess corporate wide compliance.
The role may be co-located as needed with the relevant business and must be actively engaged to support the business with providing domain-relevant advice, monitoring, and credible expert challenge to ensure the independent Non-Financial Risk Program is effectively implemented.
Required Experience
4+ years risk management experience from working in financial services industry
4+ years demonstrated domain expertise and experience within the relevant product or services
Experience in an organization that is under strong regulatory oversight and scrutiny
Proven ability to develop and maintain high impact relationships with senior executives
Expert knowledge of internal controls and risk assessment
Deep understanding of banking products and operations; regulatory requirements; and key processes, controls, and exposure areas
Decisiveness and sound judgment on a consistent basis
Capacity to challenge status quo
Influencing and conflict resolution skills
Excellent business writing skills
Proven leadership and management skills in a professional environment
Proficient use of MS Word, MS Excel and PowerPoint and Visio
Education
Bachelor’s degree Required
Certifications Preferred: Certified Internal Auditor, Certified Regulatory Compliance Manager, Certified Fraud Examiner, Certified Public Accountant, Certified Investments Derivative Auditor, Project Management Professional, Certified in Risk and Information System Controls, or other relevant risk certifications
Hours and Work Schedule
Hours per Week: 40
Location: Johnston RI or Boston MA
Work Schedule: Monday-Friday
Pay Transparency
The salary range for this position is $100,000 to $135,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay will be determined based on several factors including, but not limited to, work location, relevant skills, and experience.
Citizens offers competitive compensation and comprehensive benefits including medical, dental, and vision coverage, retirement benefits, maternity and paternity leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens’ paid time off policy exceeds the mandatory paid sick or paid time away requirements of all local and state jurisdictions in the United States.
For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
#J-18808-Ljbffr
Citizens currently has an opening for a Manager on our Operational Risk Management Oversight team focused on Cybersecurity risk. The role will provide independent oversight, review, and challenge of information security and technology related risks. The colleague works with key stakeholders across the enterprise ensuring material risks within these groups are well defined and managed appropriately. It is expected that this colleague has strong domain knowledge of emerging technology risks, information security standards, best practices, US regulatory requirements, and the external environment.
Responsibilities
This colleague will be focused on the information security and technology space. Primary responsibilities include independent oversight, review, and challenge of risk management activities within the first line of defense, including the effectiveness of the formal risk program activities. Activities include Risk and Control Self-Assessments, Issues Management, Material Risk Identification, Change Management, new business initiative risk assessments, and other formal programs.
Advise first line risk partners on complex risk issues and challenges, while identifying and assessing aggregate enterprise-wide risks. Working with key stakeholders, including all three lines of defense, accelerate emerging risk issues that require remediation and work directly with stakeholders while driving accountability. Maintain strong relationships with all three lines of defense, as well as the regulatory agencies.
Understand the external environment, including emerging risks within the industry and the priorities of the regulatory agencies. Determine how these changes affect the risk profile of the enterprise and work with appropriate stakeholders to ensure mitigation strategies are underway.
Participate in the cybersecurity incident response activities to ensure risks are properly assessed in real time and mitigating actions are appropriate. Post incident, lead or participate in root cause analysis and opine on next steps.
Lead targeted risk assessments on emerging issues to provide an independent opinion on the impact to the enterprise.
Operate within existing governance structures with an eye towards making these processes more efficient and effective. Manage applicable policy and program governance, while performing assurance activities to assess corporate wide compliance.
The role may be co-located as needed with the relevant business and must be actively engaged to support the business with providing domain-relevant advice, monitoring, and credible expert challenge to ensure the independent Non-Financial Risk Program is effectively implemented.
Required Experience
4+ years risk management experience from working in financial services industry
4+ years demonstrated domain expertise and experience within the relevant product or services
Experience in an organization that is under strong regulatory oversight and scrutiny
Proven ability to develop and maintain high impact relationships with senior executives
Expert knowledge of internal controls and risk assessment
Deep understanding of banking products and operations; regulatory requirements; and key processes, controls, and exposure areas
Decisiveness and sound judgment on a consistent basis
Capacity to challenge status quo
Influencing and conflict resolution skills
Excellent business writing skills
Proven leadership and management skills in a professional environment
Proficient use of MS Word, MS Excel and PowerPoint and Visio
Education
Bachelor’s degree Required
Certifications Preferred: Certified Internal Auditor, Certified Regulatory Compliance Manager, Certified Fraud Examiner, Certified Public Accountant, Certified Investments Derivative Auditor, Project Management Professional, Certified in Risk and Information System Controls, or other relevant risk certifications
Hours and Work Schedule
Hours per Week: 40
Location: Johnston RI or Boston MA
Work Schedule: Monday-Friday
Pay Transparency
The salary range for this position is $100,000 to $135,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay will be determined based on several factors including, but not limited to, work location, relevant skills, and experience.
Citizens offers competitive compensation and comprehensive benefits including medical, dental, and vision coverage, retirement benefits, maternity and paternity leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens’ paid time off policy exceeds the mandatory paid sick or paid time away requirements of all local and state jurisdictions in the United States.
For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
#J-18808-Ljbffr