MD Information & Cybersecurity Risk Management-2
Job Description
If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, and Excellence are Webster’s values; these set us apart as a bank and as an employer.
Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!
The Information and Cyber Security Risk Management (MD) at Webster Bank will play a critical leadership role in overseeing and strengthening the bank’s control environment from an information and cyber security perspective. The role will be responsible for the strategic and day-to-day oversight of information and cyber security-related risk management and control practices across the entire organization. This role will lead a team that works closely with business and IT, risk management, compliance, and internal audit to ensure robust information and cybersecurity risk and control coverage aligned to industry control frameworks that meet industry best practices, compliance with regulatory requirements, and alignment with Webster Bank’s overall risk appetite. The role will report directly to the Information and Cybersecurity Risk Management (SMD) and is expected to provide thought leadership, guidance, and direction to enhance the bank’s information and cyber security risk and controls posture. The ideal candidate will bring strong expertise in information and cyber security, technology risk, operational risk, enterprise risk, internal audit, internal controls and testing within the banking sector.
As a key leader on the Corporate Information Security team, the successful candidate will lead or perform the following responsibilities:
- Strategic Oversight: Manage strategic and day-to-day oversight of information and cyber security-related risk management and related control practices across the organization.
- Stakeholder Engagement & Advisory: Collaborate with various business, IT, and operational teams to promote a strong risk culture, offering guidance on control design and risk mitigation strategies. Serve as the primary liaison between Corporate Information Security, business units, and external auditors/examiners on information and cyber security control matters.
- Control Framework Development & Oversight: Design, implement, and maintain IT control frameworks, ensuring alignment with industry best practices (e.g., NIST, CRI, COBIT, COSO) and regulatory standards. Oversee ongoing control assessments to facilitate timely remediation of identified gaps.
- Risk Identification & Management: Partner with IT and Business Unit stakeholders to identify emerging technology risks, evaluate potential impacts, and develop mitigation strategies. Drive continuous monitoring of key risk indicators (KRIs) to maintain proactive identification and resolution of risk areas.
- Policy & Regulatory Compliance: Ensure adherence to internal policies, regulatory requirements, and cybersecurity standards applicable to the bank’s environment. Coordinate with the Legal and Compliance teams to stay abreast of new or changing regulations and provide guidance to business units.
- Controls Design & Inventory: Design and implement effective controls to mitigate identified risks, providing recommendations for improvement where necessary.
- ISRA Program Management: Lead the execution and documentation of ISRA and Corporate Information Security processes across the organization to ensure they align with regulatory requirements and industry best practices. Assist with designing and enhancing the ISRA and Corporate Information Security programs, ensuring compliance with internal policies, industry best practices and regulatory requirements.
- Risk Assessment: Coordinate and facilitate risk assessment workshops and activities to identify potential information and cyber security risks and control gaps. Analyze risk data to assess the likelihood and impact of risks on the bank’s operations.
- Proactive Oversight: Ensure proactive identification of potential information and cyber security control issues and deficiencies, determine root causes, and develop and execute on necessary remediation plans.
- Team Leadership & Development: Supervise and mentor a team of information and cyber security risk professionals, setting performance expectations, providing regular feedback, and fostering professional growth. Promote a culture of accountability, collaboration, and continuous learning within the team and across front line units.
- Reporting & Communication: Prepare comprehensive reports for senior management, regulatory bodies, and board committees with clear insights into information and cyber security risk exposure and control effectiveness, and action plans for identified gaps. Exceptional written and verbal communication skills, with the ability to clearly convey technical risk concepts to non-technical audiences and executive leadership.
- Training & Awareness: Lead training sessions to enhance staff understanding of information and cyber security risk management principles, control processes, and responsibilities. Promote a proactive information and cyber security risk management culture through continuous education and awareness initiatives.
- Continuous Improvement: Evaluate and improve the overall information and cyber risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
- Audit & Regulatory Coordination: Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available. Act as a liaison between the business and regulators, providing transparent and comprehensive updates on the information and cyber risk management program.
- Risk Management: Collaborate with senior leadership and department heads to identify and evaluate key risks, implement risk control measures, and monitor risk mitigation efforts.
- Governance: Oversee regular governance forums to ensure timely escalation, decision-making, and resource allocation for risk remediation activities.
Key skills/experience qualifications for the role:
- Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field.
- Advanced degree and/or preferred industry-recognized certifications:
  - CISA (Certified Information Systems Auditor)
  - CISSP (Certified Information Systems Security Professional)
  - CRISC (Certified in Risk and Information Systems Control)
  - CGEIT (Certified in the Governance of Enterprise IT)
  - (Any combination of these certifications or equivalent professional designations is highly desirable.)
- Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
- Strong understanding of IT governance frameworks (e.g., NIST, CRI, COBIT), as well as relevant regulations (e.g., FFIEC, SOX, GLBA).
- Demonstrated ability to analyze complex technological environments and design appropriate control mechanisms.
- In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.
The estimated salary range for this position is $170,000.00 to $185,000.00. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.