Job Description

If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, and Excellence are Webster’s values; these set us apart as a bank and as an employer.

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

Job Description Summary:

As a leader in the Information Risk department within Webster ERM Group, the incumbent will contribute to the design, implementation, and management of all 2nd Line information risk functions, with particular emphasis on technology control assessment and testing. Information Risk is part of Webster’s Independent Risk Management (IRM) and serves to identify and mitigate all risks associated with Webster Technology to include Information Technology, Information Security, Strategic, Compliance, and Reputation. The control testing function is necessary to prepare the Bank for the increased scrutiny and independent risk review expectations under Heightened Standards.

Information Risk Control Testing Function

  • Contribute to the development and implementation of Webster’s Information Risk control testing methodology and planning, perform testing of controls, report on results, and provide the key 2nd line functions of effective challenge, monitoring and oversight. This oversight may include the review of control testing and assurance performed by the 1st line of defense.
  • Contribute to the development of, and adherence to, testing standards that support Internal Audit’s reliance upon the work performed by Information Risk.
  • Coordinate with 1st and 2nd line groups on testing plans, results/issues reporting, and monitor remediation activities.

Additional duties may vary to include hands-on and management responsibilities for any of the following:

Webster Technology Strategic Initiatives

  • Provide review and challenge for key initiatives for programs within the CIO Strategic Plan, including self-assessments, Enterprise Risk Assessment responses, and Issues Management
  • Support initiatives assigned to Information Risk, as well as aspects of other initiatives (for example, the risk and controls inventory, risk and control self-assessments (RCSAs) and SOC2 report and controls review and challenge, etc.)

Technology Policies and Standards

  • Contribute to the development and maintenance of information technology policies and standards and contribute to the Information Technology Risk Appetite Statement
  • Monitor Regulatory requirements and changes and ensure alignment with Policies and Standards

Information Risk and Control Framework

  • Monitor and review the design, implementation, and execution of the Enterprise Risk Management framework within Webster Technology and lead the integration/connection between 1st, 2nd, and 3rd lines.
  • In collaboration with IT process owners, lead the identification of material risks associated with Webster Technology activities, and monitor the establishment of necessary operating procedures and technical standards to mitigate these risks while complying with policies and standards.
  • Provide independent facilitation, review and challenge of self-assessment processes (RCSA), control testing, KPI and KRI development and reporting.
  • Implement the inventory of technology risks and controls.
  • Assist in defining enterprise-wide risk appetite for appropriate risk types and own associated controls objectives inventory.

Information Risk Aggregation and Reporting

  • Review, challenge, and synthesize the results of integrated and automated Webster Technology risk reporting processes to enable firm-wide aggregation of material risks, issues, KRIs and other data as may be required. Contribute to and advise on the development of reports through appropriate committees (IRC, ERMC, Risk Committee).
  • Take a lead role in building out the IRC committee to expand the impact and interaction with LOBs on technology issues, emerging risks, and topics


  • In partnership with legal and compliance, monitor for new legal requirements and communicate across Webster Technology as required. Monitor progress toward implementation.
  • Support regulatory exams in Webster Risk and Technology organizations. Review process owners’ documentation prior to submission to Regulators in response to requests.

General Requirements

  • Experience in the testing of technology controls, documenting gaps (issues), assessing the design of associated remediation activities/controls, and validating the effectiveness of remediation activities.
  • Ability to plainly describe complex technology risk concepts to first line operational personnel.
  • Synthesis of complex and potentially conflicting data into simple, actionable reporting.
  • Familiarity with technology and information security, and an aptitude for learning emerging technologies and how regulatory requirements may evolve.
  • Strong written and verbal communication skills -- ability to collaborate and communicate up/down and across the organization with all levels of internal/external partners.
  • Ability to resolve conflicting opinions without compromising high quality risk management.
  • Bachelor’s degree.
  • 5+ years of experience in Risk or Audit functions, preferably in a banking environment.
  • CISA, or other auditing or risk management certification is desired.

The estimated salary range for this position is $150,000USD to $160,000USD. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.




All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
