Technology Risk Director - Enterprise Engineering
Job in Johnston, Providence County, Rhode Island, 02919, USA
Listed on 2026-04-23
Listing for: Citizens Bank
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity
Description
The Enterprise Technology & Security (ETS) Risk Director directs a team of risk professionals, develops comprehensive risk management strategies, and ensures that the organization's technology risk practices are robust, effective, and aligned with industry standards and regulatory requirements. This executive-level position provides strategic leadership over a dedicated ETS risk function, setting the direction for risk identification, assessment, and mitigation across the bank's technology and security domains.
The Director serves as a key advisor to senior leadership on technology risk matters, drives the maturation of the enterprise risk framework, and maintains strong relationships with regulators, audit, and governance bodies.
- Lead and oversee the Technology Risk Management function, providing strategic direction to a team of risk professionals and fostering a culture of accountability, excellence, and continuous improvement.
- Develop, implement, and continuously evolve a comprehensive technology risk management strategy and framework aligned with enterprise risk appetite, regulatory expectations, and industry best practices.
- Oversee the identification, assessment, monitoring, and reporting of technology and security risks across systems, applications, infrastructure, and processes.
- Serve as the primary executive liaison for regulatory examinations, internal audits, and supervisory engagements related to technology and security risk, ensuring effective coordination and high-quality outcomes.
- Define and maintain technology risk policies, standards, control libraries, and assessment methodologies to support consistent and scalable risk management practices.
- Partner with senior technology leaders, business executives, compliance, audit, and governance teams to embed risk management into strategic planning and decision-making.
- Provide clear, actionable executive-level risk reporting and insights to the Risk Committees and senior management, translating complex risk landscapes into strategic guidance.
- Oversee the portfolio of risk findings, regulatory commitments, and corrective action plans, driving timely, effective, and sustainable remediation.
- Lead oversight of Third-Party Risk Management for the organization's technology and security critical service provider relationships.
- Monitor industry trends, emerging threats, and regulatory developments to proactively adjust the organization's risk posture.
- Champion a strong risk-aware and risk-informed culture across the technology organization through education, engagement, and communication.
- Working knowledge of cloud services and architectures (AWS and Azure preferred), including shared responsibility models, identity and access management, and cloud-native security controls.
- Experience assessing risk in DevSecOps, CI/CD pipelines, containerized workloads (Docker/Kubernetes), and infrastructure-as-code environments.
- Strong understanding of enterprise infrastructure platforms, including Windows, Linux (RHEL), virtualization (VMware), databases, middleware, and core network services.
- Experience evaluating end-of-life (EOL) / end-of-support (EOS) risk, technical debt, and remediation prioritization across large engineering estates.
- Hands-on familiarity with vulnerability management, platform hardening, secure configuration standards, and threat remediation prioritization.
- Experience with technology resilience, including BCP/DR, cyber recovery, data protection, backup strategies, and resiliency testing.
- Ability to translate engineering and cyber risks into business impact, service disruption, regulatory exposure, and customer risk.
- Deep experience with enterprise technology risk management routines, including RCSAs, issue management, risk assessments, targeted reviews, and control testing.
- Working knowledge of regulatory and risk frameworks relevant to financial institutions (FFIEC, NIST, ISO, COBIT, COSO, CRI).
- Proven ability to synthesize large volumes of technical risk data into clear, prioritized executive-level insights.
- Experience using GRC Archer (or equivalent platforms such as OpenPages) to manage RCSAs, issues, action plans, metrics, and regulatory responses.
- Familiarity with risk reporting, risk dashboards, and executive-level risk metrics.
- Working knowledge of common enterprise tooling used by engineering and cyber teams, such as ServiceNow, Jira, and Confluence, to support risk intake, issue tracking, and remediation monitoring.
- Familiarity with vulnerability and security tools such as Qualys, Wiz, CrowdStrike, CyberArk, Splunk, or similar platforms to support effective oversight and challenge.
- Exposure to engineering and operational monitoring platforms (e.g., Datadog, Grafana, Tableau,…