Lead, Information Technology Governance Risk Compliance

Responsible to lead the ongoing development and execution of the organization's IT Governance, Risk, and Compliance Programs, covering key areas such as policy management, risk assessments, issue management, audits, and vendor risk management to ensure the confidentiality, integrity, and availability of information assets (data and data systems). This includes leading initiatives to ensure IT aligns with business goals while managing risks and meeting regulations. In this role, you'll work with internal and external auditors and provide enterprise-wide guidance, documentation, and project leadership to support the IT GRC framework.

• Leads the development and maintenance of security policies and guidelines in alignment with regulatory requirements. Socializes policy changes to subject matter experts and line of business.
• Assists in the development of control documents with Security Architects for applications being governed.
• Ensures scheduled control checks for Information Technology, Information Security, and line of business defined controls are tracked and reported against.
• Standardizes, documents, maintains, and automates where possible, IT GRC processes.
• Performs IT risk assessments to evaluate risks and compensating controls and participates in enterprise-level risk assessments.
• Prepares formal written reports on governance, risk, and compliance.
• Oversees IT regulatory reviews, IT internal audits, and SOX testing of IT General Controls (ITGC).
• Supports lifecycle of issue management and policy exception process; reviews and consults teams on draft policy exceptions, prepares summary notes with recommendation for approve or deny; and effectively communicates IT issues and risks to management.
• Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other operational teams.
• Studies existing information processing systems to evaluate effectiveness of controls.
• Oversee vendor cybersecurity risk management for critical business services.
• Supports the security awareness programs within the business unit.
• Works with other bank leaders to support the mission and core values of the bank.
• Provides mentoring, guidance, and training to staff.
• Performs other job-related duties and special projects as assigned.

Carries out supervisory responsibilities in accordance with the organization's policies, procedures and applicable laws; Provides guidance and oversight to and is responsible for the coordination and evaluation of the assigned team. Responsibilities may include interviewing, hiring and training associates; planning, assigning and directing work; performance management; associate compensation; approving expense reports; addressing concerns and resolving problems.

• Bachelor's degree in Information Systems or relevant technical / science degree or equivalent experience in Information Systems required
• 6+ years of IT policy, controls, assessment, GRC, or audit experience required

• Ability to travel if required to perform the essential job functions
• Ability to work under stress and meet deadlines
• Ability to operate related equipment to perform the essential job functions
• Ability to read and interpret a document if required to perform the essential job functions
• Ability to lift/move/carry approximately 10 pounds if required to perform the essential job functions. If the employee is unable to lift/move/carry this weight and can be accommodated without causing the department/division an "undue hardship" then the employee must be accommodated; hence omitting lifting/moving/carrying as a physical requirement.