Technology and Information Security Risk Specialist
Listed on 2026-07-11
-
IT/Tech
Information Security, Cybersecurity, IT Business Analyst, IT Consultant
Technology and Information Security Risk Specialist
1114 Avenue of the Americas, NYC, NY, 10036
Vice President | Second Line of Defense
Position SummaryThe Technology and Information Security Risk Specialist provides independent Second Line oversight of the Bank’s technology infrastructure, information security, and cyber risk programs. The role evaluates whether risks are appropriately identified, assessed, escalated, reported, and remediated through a practical, connected, and risk‑based approach.
This position strengthens the Bank’s risk posture by providing effective review and challenge, supporting risk assessments and control reviews, and connecting technology and information security risk themes to operational risk, vendor risk, change management, resilience, data management, and broader ERM processes.
The role requires technical credibility, sound judgment, strong communication skills, and the ability to work effectively with First Line teams, senior leaders, auditors, regulators, Head Office, and executive stakeholders while maintaining Second Line independence.
Core Responsibilities- Second Line Oversight and Challenge — Provide independent oversight, ongoing monitoring, and effective challenge of First Line technology infrastructure, information security, and cyber risk programs, including governance, controls, execution, reporting, and residual risk.
- Risk Assessments and Control Reviews — Lead and review risk assessments, RCSAs, control testing, issues, remediation plans, KRIs/KPIs, policies, procedures, evidence, and supporting analysis.
- Framework and Program Connectivity — Develop and enhance the Second Line framework for technology and information security risk and assess connectivity to operational risk, vendor risk, change management, resilience, data management, and enterprise controls.
- Project, Change, and Emerging Technology Risk — Identify, assess, and report risks related to significant projects, new activities, vendor relationships, control changes, AI, automation, and other emerging technologies.
- Reporting and Enterprise Risk Support — Develop KRIs/KPIs, prepare clear materials for management, committee, audit, board, and regulatory discussions, and provide input for ICAAP, risk appetite, risk profile assessments, and ERM routines.
- Stakeholder Engagement — Coordinate with audit, regulators, Head Office, First Line technology and security teams, the CISO function, IT Operations Risk, Vendor Management, business lines, and executive stakeholders while maintaining Second Line independence.
- Training and Work Product — Support targeted risk awareness efforts and produce clear, defensible work that connects facts, risks, controls, dependencies, and conclusions.
- Experience and Education — 10+ years in technology infrastructure, information security, cyber risk, IT controls, or related oversight functions, preferably within a regulated financial institution; bachelor’s degree in a related technical or risk discipline preferred.
- Technical and Regulatory Knowledge — Strong knowledge of technology, cybersecurity, and control environments, including cloud, applications, infrastructure, access management, resilience, NIST, NYDFS Part 500, FFIEC guidance, and related risk expectations.
- Risk Assessment and Oversight — Skilled in risk assessments, control reviews, issue management, remediation tracking, risk reporting, governance routines, and effective challenge across First, Second, and Third Line stakeholders.
- Enterprise and Emerging Risk Connectivity — Ability to connect technology and information security risk themes to ERM processes, including ICAAP, risk appetite, risk profile assessments, enterprise reporting, AI, automation, and other emerging technology risks.
- Execution and Tools — Experience using GRC tools and managing technology or security‑related projects, technical teams, and cross‑functional work streams with clear ownership, deadlines, reporting, and follow‑through.
- Communication and Judgment — Strong analytical, writing, documentation, executive communication, professional judgment, independence, and ability to produce clear, defensible work for senior management,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).