AVP, IT Ops Risk
Listed on 2026-07-18
-
IT/Tech
Information Security, Cybersecurity, IT Business Analyst, Data Security
Job Title
AVP, IT Operational Risk
Position SummaryThis role will work directly under the Head of Operational Risk and will be responsible for supporting the identification, measurement, monitoring, and management of technology-related operational risks across the organization. The individual will partner closely with Information Security, IT, Privacy, Data Protection, Business Continuity, and other key stakeholders to strengthen the organization's IT operational risk management framework.
The AVP, IT Operational Risk will play a key role in developing risk assessment methodologies, enhancing reporting, supporting risk assessments, coordinating with Information Security GRC on risk and control libraries, and helping ensure technology risks, control gaps, remediation activities, and emerging risks are appropriately identified, documented, tracked, and escalated.
Responsibilities- Identify, assess, monitor, and report on technology-related operational risks across the organization, including information security, privacy, data protection, business continuity, AI, and emerging technology risks.
- Partner with IT, Information Security, Privacy, Data Protection, Compliance, Legal, Internal Audit, Business Continuity, and business stakeholders to identify risks, evaluate control effectiveness, and address control gaps.
- Conduct and facilitate technology and operational risk assessments, identifying risk themes, emerging risks, and opportunities to strengthen the control environment.
- Support the development, implementation, and continuous improvement of the firm's technology operational risk management framework, including risk taxonomies, control libraries, assessment methodologies, documentation standards, and governance processes.
- Collaborate with the Information Security GRC team to align risk assessments, risk and control libraries, and Risk and Control Self-Assessments (RCSAs), while leveraging outputs from Internal Audit and other assurance functions.
- Support the administration and ongoing enhancement of the Optro GRC platform and promote consistent risk documentation, reporting, and governance practices.
- Develop dashboards, key risk indicators (KRIs), metrics, and reporting to communicate technology risks, remediation activities, control effectiveness, and emerging risk trends to senior management and governance committees.
- Translate complex technical risks into clear, actionable business risk reporting for executive and non-technical audiences.
- Support privacy and data protection initiatives by documenting operational risks, participating in privacy risk assessments, evaluating processing activities, assessing third-party risks, tracking remediation efforts, and contributing to incident response activities.
- Partner with Data Protection teams to evaluate control gaps, perform operational risk gap analyses, and document, monitor, and report remediation activities.
- Support business continuity and operational resilience initiatives, including Business Impact Analyses (BIAs), identification of critical business processes and technology dependencies, assessment of technology recovery risks, and development of mitigation strategies.
- Contribute to the development and execution of AI governance and emerging technology risk management practices by participating in risk assessments, control design, monitoring activities, issue management, and governance processes.
- Track remediation plans, control deficiencies, risk mitigation activities, and action items, following up with risk owners to ensure timely resolution and appropriate escalation of significant or overdue issues.
- Support alignment of technology operational risk activities with regulatory requirements, industry standards, and internal policies by monitoring regulatory developments and assessing their impact on the organization's risk management practices.
- Build strong cross-functional relationships and serve as a trusted risk partner, promoting a proactive risk culture and effectively communicating technology risk strategies, findings, and recommendations across the organization.
- Bachelor's degree in Information Technology, Cybersecurity, Computer…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).