Manager IT & Ops Risk Advisory

Job Description

MANAGER IT & OPS RISK ADVISORY
WHAT IS THE OPPORTUNITY?

The IT Risk Advisor Manager will focus on driving, overseeing and reporting on technology-related regulatory activities, evaluate, and manage technology-related risks and controls across the aligned Technology business or function. Responsibilities include providing first-line oversight for regulatory remediation work, providing executive status updates, coordinating Technology business related regulatory engagement, and keeping leadership, key stakeholders informed of new and existing technology risks, leading or supporting various programs, including partnering with internal teams and businesses on risk and control self-assessment (RCSA), process, risk, and control, and other risk policies, standards, and processes. This individual manages a team of risk professionals and is part of a function that offers an Internal IT Risk Consultancy and acts as Trusted Advisors to IT FLoD to help identify potential regulatory risks, technology-related risks, how to manage and implement risk management solutions on the following but not limited to safety and security policies, business continuity and recovery.

What you will do
  • Provide strategic, thought-leadership to technology-business functions around regulatory remediation and IT risk requirements
  • Drive and execute regulatory remediation activities ensuring key commitments are met, risks are mitigated and key stakeholders are engaged and updated
  • Act as a key decision-maker on IT-related regulatory matters
  • Manager aligned business units, quantifying risk exposures within the business including operational, information, third party risk, and technology etc
  • Implement and improve internal controls as part of the risk management framework created by SLoD, which includes assessment, reporting, metrics, monitoring and testing to mitigate risks
  • Plays an active role in partnership with the FLoDs to develp action plans to address identified control breaches/deficiencies, completing root cause analysis and implementing routines to track, monitor and report issues in compliance with new end-to-end issue management process for effective and timely execution of remediation plans
  • Ensure controls related to technology risk such as payment systems, access management, etc. risk management are sound and effective and implemented
  • Supports internal auditors and regulators to ensure policies, strategies and performance meets enterprise risk and control standards and regulatory expectations
  • Employs and fosters a risk-aware culture and mindset among employees, contractors, and service providers
  • Directly manage, train and develop a team of risk professionals as assigned
  • Advanced understanding of controls and risk management concepts, including risk assessments and evaluating and testing of internal controls
  • Vendor management/ third party experience required
  • Strong project management skills: including an ability to independently drive work, and programmatically solve problems
  • Drive change and communicate related policies, procedures, and guidelines; and execute on large scale projects as needed
  • Strong leadership, people management, and influencing skills; proven strengths in relationship development and leading through influence across multiple stakeholders
  • Recruit, develop and retain key talent, ensuring that the resources dedicated to risk management are effective in carrying out the required functions “

Must-Have*

  • Bachelor’s Degree or equivalent
  • 10 plus years of experience in IT risk and control or audit function
  • 10 plus years of experience working at a major financial institution on audit and/or management initiatives programs, including management responsibilities
  • 8 plus years of experience in cyber security, payments platform, fraud, and/or technology risk management etc.; risk management, compliance, and/or audit in a highly regulated environment
  • 5 years plus of related supervisory experience

Skills and Knowledge

  • Experience with regulatory remediation activities primarily in the technology sector
  • Knowledge and application of FFIEC rules and regulations particularly in the technology sector of a major financial institution
  • Experience with process documentation, risk and control assessments, and designing/executing IT General Controls (ITGC), test scripts
  • Experience and/or knowledge in working with multiple IT risk and controls domains such as identity and access management, privilege success, vulnerability management privacy, incident response etc.
  • Experience and working knowledge of any NQSQL, databases, design, and architecture
  • Experience in designing, implementing, and operationalizing continuous control testing and monitoring of technology controls
  • Combined experience in IT external audit, IT internal audit and technology risk and/or IT General control assessment for compliance with Sarbanes Oxley (SOX)
  • Understand of the regulatory environment and regulations related to technology risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations
  • Preferred “Big Four” or Large Regional Firm IT audit or risk management consulting experience
  • Preferred: Professional in Project Management (PMP), Six Sigma Black, Belt or Green Belt professional certifications and/or project management experience
  • Preferred: experience with process documentation, risk, and control assessments
  • Proficient in Microsoft Office Product Suite, SharePoint
  • Solid problem solving, analytical (including qualitative analysis), research, and quantitative skills
  • Strong work ethic, ability to make decisions and work under tight deadlines; goal-oriented and takes initiatives
  • Effective presentation and communication (verbal and written) skills
  • Experience with process documentation, risk and control assessments, and designing/executing IT General Controls (ITGC), test scripts
  • Understand of the regulatory environment and regulations related to technology risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations
  • Experience and/or knowledge in working with multiple IT risk and controls domains such as identity and access management, privilege success, vulnerability management privacy, incident response etc.
  • Combined experience in IT external audit, IT internal audit and technology risk and/or IT General control assessment for compliance with Sarbanes Oxley (SOX)
  • Experience in designing, implementing, and operationalizing continuous control testing and monitoring of technology controls
  • Ability to attract, motivate, and retain talent, ability to create a unified team
  • Possess a consultative/advisory mindset and approach in dealing with key stakeholders across the organization
Compensation
Starting base salary: $122,535 – $208,715 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.
*To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Benefits and Perks
At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues. Get an inside look at our Benefits and Perks.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.’
ABOUT CITY NATIONAL
We start with a basic premise: Business is personal. Since day one we’ve always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America’s leading diversified financial services companies.

More Information

Apply for this job

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X