Information Technology Risk Manager
If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, and Excellence are Webster’s values; these set us apart as a bank and as an employer.
Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!
As a senior information risk team member, the incumbent will lead the design, implementation, and execution of information risk functions and/or their review and challenge. This includes overall responsibility for the lifecycle management of technology policies and standards, including their authoring, coordinating reviews by key staff and approval by appropriate Webster Committees, publication and the change management process.
Additional duties include managing and contributing to all aspects of the Information Risk Program, to include integration of the Information and Enterprise risk frameworks, identification of risks and control objectives, risk assessments, risk awareness and reporting, and other technology risk processes. These processes serve to identify and manage all risks associated with Webster technology to include Operational, Information Technology, Information Security, Strategic, Compliance, and Reputation.
Technology Policies and Standards
- Manage all aspects of Technology Policies and Standards including their drafting, review, approval, publication, and maintenance.
- Responsible for developing a policy change request process to allow for intake of corrections or enhancement requests by 1st line subject matter experts and management.
- Monitor regulatory changes and ensure that policies and standards are aligned with regulations and manage changes to accommodate new or modified regulations.
- Manage the Policy exception process by collaborating with lines of business to develop exception requests as needed and obtain the proper approvals. Maintain exception records and review them annually for continued need and obtain annual approvals.
- In partnership with legal and compliance, monitor for new legal requirements and assist in communication across Webster Technology as required. Communicate requirements to appropriate process owners and drive progress toward implementation.
- Support technology-related regulatory exams.
Contribute to Information Risk and Control Framework
- Key resource in the design, implementation, execution, and/or review and challenge of the Information and Enterprise risk management frameworks.
- Identify material risks associated with technology activities, and establish and/or review and challenge the operating procedures and technical standards necessary to mitigate these risks and comply with policies and standards.
- Independently review and challenge process owners on control design, self-assessment processes (RCSA), control testing, and identifying KPIs and KRIs.
- Assist in defining enterprise-wide risk appetite for appropriate risk types.
Information Risk Aggregation and Reporting
- Contribute to the review and challenge of information risk reporting to enable firm-wide aggregation of material risks, issues, KRIs and other data as may be required. Contribute to the development of reports through appropriate committees (IRC, ERMC, Risk Committee).
- 4+ years of Risk management experience in an associated field such as Enterprise or Operational Risk, Internal Audit, or Information Security Risk Management.
- Excellent written communication skills, and the ability to relay highly technical information to a non-technical audience.
- Comfortable presenting to and influencing leaders at all levels of the organization.
- Bachelor’s degree preferred, preferably in a risk-related field.
- Prefer formal education and/or certification in a risk management or auditing discipline (CISA, CISSP, CISM, etc.).
The estimated salary range for this position is $105,000 to $115,000. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.