Sr. Technology & Operations Risk Manager

Sr. Technology & Operations Risk Manager

Zions Bancorporation is seeking an experienced Technology and Operations Risk Manager within the Data, Technology and Cyber Risk Management Organization (DTCRO) with demonstrated expertise in risk oversight. This role provides independent 2nd Line oversight and credible challenge of the Bank’s Cybersecurity and Technology organizations.

With benefits starting on day one, 12 bank holidays, profit sharing and company-matched 401(k) contributions, Zions is dedicated to being an employer of choice in our communities. At Zions, the possibilities are endless. You bring the talent; we bring the opportunity.

The Technology and Operations Risk Manager will drive a risk‑focused, disciplined, and balanced approach to evaluating and strengthening risk management practices, control effectiveness, and governance processes in a complex technology and business environment, while leading a small team of risk professionals.

The Technology and Operations Risk Manager will provide independent 2nd Line oversight of Cybersecurity and Technology risk management, including risk‑based coverage planning, credible challenge, targeted assessments, thematic analysis, and clear reporting to governance forums and regulators.

• Provide independent 2
  
  LOD oversight of Cybersecurity, Technology and Supplier risk management.
• Define and communicate independent risk views for assigned oversight domains, including emerging risks and thematic trends.
• Evaluate alignment of 1
  
  LOD activities with enterprise risk frameworks, risk tolerances, and regulatory expectations.
• Lead and/or perform risk and control assessments, targeted reviews, and 2
  
  LOD control testing activities, to assess risk mitigation effectiveness.
• Provide embedded risk monitoring by participating in recurring and planned activities delivering real‑time credible challenge and escalating material concerns when warranted.
• Monitor Key Risk Indicators (KRIs) and metrics against stated risk appetite and tolerance thresholds.
• Prepare and deliver quantitative and qualitative risk reporting to management committees, executives, and the Board.
• Identify, challenge, and elevate material risks and control weaknesses in a timely and constructive manner.
• Oversee issue identification and remediation to ensure root causes are properly addressed.

• Establish and maintain strong working relationships with technology, cybersecurity, and supply chain business partners.
• Engage with stakeholders to embed effective risk management practices into daily operations and strategic initiatives.
• Provide industry and regulatory expertise to inform risk decisions and governance discussions.

• As leader within DTCRO, collaborate with other leaders to continually mature best practices and foster a respectful, inclusive, and positive team culture.
• Lead and develop a high‑performing team through hiring, coaching, performance management, and succession planning.

• Maintain accountability for budget oversight while adapting to evolving regulatory priorities, business needs, and emerging risks in support of the DTCRO organization.

• 10+ years in 1st or 2nd Line Risk Management or IT Audit, with expertise in at least two areas: cybersecurity, technology, cloud risk, or emerging technologies (e.g., GenAI, Quantum).
• Strong knowledge of cybersecurity and technology; dedicated to continuous learning.
• Experience with 2
  
  LODs oversight models and disciplined documentation for oversight activities and credible challenge.
• Strong leadership, relationship management, strategic thinking, diplomacy, and negotiation skills.
• Effective team leader who drives business objectives, promotes communication and teamwork, and mentors and develops team members’ skills.
• Demonstrates outstanding analytical and problem‑solving abilities, consistently utilizing evidence‑based decision‑making.
• Outstanding interpersonal, influencing, and negotiation abilities with executive presence.
• Holds an industry certification (CISSP, CISM, CRISC, CISA) or equivalent expertise.
• Bachelors in a relevant field or equivalent…