Enterprise Engineering Risk Director - Citizens

Description


As a Risk Director within the Enterprise Technology & Security (ET&S) team you along with Consumer and Commercial Banking business unit management are responsible for developing and maintaining a comprehensive risk management framework, overseeing the identification, assessment, mitigation, and reporting of technology and security risks to business units, and ensuring compliance with relevant regulations and standards.



This high impact role will give you the opportunity to lead, develop and support a team of high performers to partner with leaders and stakeholders across the bank, assess and recommend enhancements to the control environment, and will have high visibility and provide routine updates to executives and senior leaders across Consumer and Commercial Banking, and ET&S.



Responsibilities will be to:





+ Lead and develop a dedicated team of risk managers and specialists for a consistent and effective support model.



+ Establish and lead risk management process enabling senior management to continually identify, analyze, assess, and translate cyber/technical IT risks into business risks and potential impacts.



+ Define key risk metrics, controls, and control tests to measure and assess current levels of cyber/technical IT risks to the business.



+ Lead oversight and reporting of Risk Control Self Assessments, Targeted Risk Reviews, and issue management activities.



+ Provide day to day leadership to the business lines providing knowledge and expertise on the appropriate implementation of strategic plans, regulatory compliance, risk mitigation and industry standards.



+ Gain visibility into detailed risk assessments and advise the business line on appropriate risk mitigation actions.



+ Advise on new processes / products, initiatives and strategies from a risk and control perspective; guiding the business lines through the various governance approvals related to new initiatives ensuring proper controls.



+ Act as lead for exam for product / function under review and participating in all important interactions with the regulators.



+ Establish and maintain an effective business relationship with business partners, key project stakeholders, second and third lines of defense and subject matter experts to advise and support business initiatives.





Experience and Skills:





+ 10 years of experience in Information Technology, Information Security and/or Business Continuity.



+ 10 years of Risk Management experience gained from working in Technology/ Security Risk or Independent Risk Management.



+ Experience working with cloud computing related technologies: IaaS/SaaS/PaaS, DevSecOps, web application technology, operating system, database, and networking.



+ Knowledge of and experience with core IT infrastructure platforms (e.g., Windows, Unix, Mainframe, SQL, Oracle).



+ Experience working in multiple security domains such as platform hardening, vulnerability management, web application and browser security, penetration testing, cryptography, network protocols, and secure network design.



+ Experience in an organization that is under strong regulatory oversight and scrutiny.



+ Intermediate knowledge of internal controls and risk self-assessment



+ Basic knowledge of business areas processes and/or products and operations; regulatory requirements; and key processes, controls, and exposure areas



+ Understanding of FFIEC guidelines and handbooks, GLBA, SOX, PCI



+ Knowledge of industry recognized frameworks such as ISO 27001, ISO 20000, ISO 9001, ISO 31000, ISO 22301, Cyber Risk Institute, NIST, Cloud Security Alliance, Cobit, COSO, ITIL



+ Ability to analyze and synthesize many risk data points and help the business to prioritize mitigation.



+ Strong business writing skills



+ Ability to effectively communicate with all levels of the organization.



+ Project management skills to support multiple assignments on behalf of various stakeholders.



+ Leadership, coaching and staff development experience.





Preferred Education and Certifications:





+ Bachelor’s Degree required; Master’s Degree preferred



+ Certified Information Systems Auditor (CISA)



+ Certified in Risk and Information Systems Control (CRISC)



+ Certified Information Security Manager (CISM)



+ Certified Information Systems Security Professional (CISSP)



+ Certified Cloud Security Professional (CCSP)



+ Technology discipline certification such as AWS CCP, Azure Fundamentals, CCNA, MCSE, RHCE





Hours and Work Schedule







Hours per Week: 40



Work Schedule: Monday through Friday







Pay Transparency



The salary range for this position is $225,000 - $250,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.



We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.



Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.



Equal Employment Opportunity


At Citizens, we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.


Equal Employment and Opportunity Employer


Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.


Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth







Background Check



Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.

01/20/2025