Technology Risk Director- Enterprise Engineering

Description

The Enterprise Technology & Security (ETS) Risk Director directs a team of risk professionals, developing comprehensive risk management strategies, and ensuring the organization's technology risk practices are robust, effective, and aligned with industry standards and regulatory requirements. This executive-level position provides strategic leadership over a dedicated ETS risk function, setting the direction for risk identification, assessment, and mitigation across the bank's technology and security domains.

The Director serves as a key advisor to senior leadership on technology risk matters, drives the maturation of the enterprise risk framework, and maintains strong relationships with regulators, audit, and governance bodies.

Responsibilities

* Lead and oversee the Technology Risk Management function, providing strategic direction to a team of risk professionals and fostering a culture of accountability, excellence, and continuous improvement.

* Develop, implement, and continuously evolve a comprehensive technology risk management strategy and framework aligned with enterprise risk appetite, regulatory expectations, and industry best practices.

* Oversee the identification, assessment, monitoring, and reporting of technology and security risks across systems, applications, infrastructure, and processes.

* Serve as the primary executive liaison for regulatory examinations, internal audits, and supervisory engagements related to technology and security risk, ensuring effective coordination and high‑quality outcomes.

* Define and maintain technology risk policies, standards, control libraries, and assessment methodologies to support consistent and scalable risk management practices.

* Partner with senior technology leaders, business executives, compliance, audit, and governance teams to embed risk management into strategic planning and decision‑making.

* Provide clear, actionable, executive‑level risk reporting and insights to the Risk Committees and senior management, translating complex risk landscapes into strategic guidance.

* Oversee the portfolio of risk findings, regulatory commitments, and corrective action plans, driving timely, effective, and sustainable remediation.

* Lead oversight of Third-Party Risk Management for the organization's technology and security critical service provider relationships.

* Monitor industry trends, emerging threats, and regulatory developments to proactively adjust the organization's risk posture.

* Champion a strong risk‑aware and risk‑informed culture across the technology organization through education, engagement, and communication.

Team-Specific Requirements

Cloud & Modern Engineering Platforms

* Working knowledge of cloud services and architectures (AWS and Azure preferred), including shared responsibility models, identity and access management, and cloud‑native security controls.

* Experience assessing risk in Dev Sec Ops , CI/CD pipelines, containerized workloads (Docker/Kubernetes), and infrastructure‑as‑code environments.

Infrastructure, Platform & Engineering Risk

* Strong understanding of enterprise infrastructure platforms, including Windows, Linux (RHEL), virtualization (VMware), databases, middleware, and core network services.

* Experience evaluating end‑of‑life (EOL) / end‑of‑support (EOS) risk, technical debt, and remediation prioritization across large engineering estates.

Cybersecurity & Resilience

* Hands‑on familiarity with vulnerability management, platform hardening, secure configuration standards, and threat remediation prioritization.

* Experience with technology resilience, including BCP/DR, cyber recovery, data protection, backup strategies, and resiliency testing.

* Ability to translate engineering and cyber risks into business impact, service disruption, regulatory exposure, and customer risk.

Risk Frameworks & Governance

* Deep experience with enterprise technology risk management routines, including RCSAs, issue management, risk assessments, targeted reviews, and control testing.

* Working knowledge of regulatory and risk frameworks relevant to financial institutions (FFIEC, NIST, ISO, COBIT, COSO, CRI).

* Proven ability to synthesize…