VP Enterprise Risk Management
Position: VP Enterprise Risk Management
Reports To: SVP, Head of Enterprise Risk Management
Location: New York, NY
The Vice President, Enterprise Risk Management (Technology Risk Team) will have responsibilities in all aspects of the enterprise-wide risk management program, with a particular emphasis on Technology Risk Management. This role is both a strategic and tactical position, where the candidate will facilitate and lead interfacing with functional units to evolve the organization’s ERM and Technology Risk Framework, and establish, communicate, and execute risk management methodology, processes, risk appetite and risk culture. Additionally, the role will involve extensive interaction with TCH’s external stakeholders, including supervisors and the Enterprise Risk Committee.
This role will support leadership in identifying and managing risks during a period of rapid organizational and technological change, and industry advancement. Areas of technology focus will include the advancement of the Company’s usage of Cloud Computing, migration from legacy technology, and adoption of Agile software delivery methodologies. The role will ensure that the company appropriately prioritizes, manages and monitors risk by collaborating with several departments and defining risk ownership. A successful candidate will contribute to the Technology Risk Management program by executing technology risk assessments, developing reporting, and progressing the ERM framework by enhancing information technology risk processes, controls, methodologies, guidelines, procedures, and practices.
- Bachelor’s degree in finance, business or technology-related field.
- At least 6-8 years of risk management experience serving as a subject matter expert in Technology Risk.
- 10-12 years of financial services work experience managing and implementing enterprise-wide projects, multitasking
on projects with competing priorities, process decomposition and reengineering, risk assessments, due
diligence, Operational Risk Management and/or Technology Risk Management.
- Proven experience in working with or contributing to development of an ERM or Technology Risk framework in
a dynamic and complex organization.
- Applied knowledge of Information Technology operational business processes and industry best practices
including areas such as IAM, SDLC, Agile, Computer Operations, Security and Vulnerability Management.
- Knowledge of Information Technology Systems, Networks and Cloud Computing, e.g. experience with AWS,
MS365, or Azure.
- Applied experience with IT governance and controls, including governance and control frameworks, such as
NIST, COBIT, ITIL, FFIEC, COSO or equivalents.
- Excellent aptitude for modern IT Risk & Compliance concepts and methodologies.
- Current knowledge of regulations and emerging industry risks in the finance, banking and payments system
industry, with specific focus on Technology.
- Ability to understand management objectives, risk appetite, tolerances and impact of changes to risk profiles.
- Ability to work independently and proactively. Must be collaborative, innovative, resourceful, results oriented,
with appropriate judgment.
- Advanced degree such as Masters in Risk Management, MBA or equivalent qualification preferred in Risk,
Finance, or technology-related field.
- Knowledge of IT risk, security architecture design, network security, cloud/mobile security, data security and
internal/external threat intelligence/analysis.
- Experience with new technology trends relating to enterprise level cloud-based development, deployment, and
assessment, including PaaS, IaaS, and SaaS.
- Technical certifications such as CISA, CRISC, CGEIT, CCSP, CCSK, SANS SEC545, CISSP, GIAC, CISM, or equivalents.
- Risk Management related certifications such as ISO-31000 are preferred.
- Experience in Payments and/or Banking related fields, including Payments or Banking Technology.
- RSA Archer or other GRC experience.
Essential Functions and Responsibilities:
- The ERM Vice President role is a critical member of the Risk Office and is responsible for contributing towards
the design, development, implementation, and execution of the ERM Technology Risk Framework in order to
effectively identify, measure, monitor, and control enterprise-wide technology risks.
- Plan and conduct technology risk assessments across The Clearing House suite of products and technology
domains. Socialize findings resulting from risk assessments with relevant stakeholders and assist with
remediation of said findings.
- Identify specific IT risk observations and work with affected parties to classify and address risk issues.
- Act as the IT risk management liaison between various business organizations and risk functions while dealing
with IT risk matters.
- Identify, understand, and assess Information and Technology risks associated with operational processes.
- Apply sound judgment in evaluating risks and controls. Effectively challenge IT leads on the identification and
acceptance of risks and the adequacy of controls.
- Perform risk assessments to identify current and emerging key risks (operational, technology, etc.).
- As the second line of defense, provide thought leadership and constructive challenge to the first line of
defense for risk-related matters.
- Build, maintain and enhance business relations with department and business heads for the smooth
implementation of risk management activities across the organization.
- Represent TCH at the internal and external risk committees, and to the supervisors, to provide periodic
updates on risk matters.
- Contribute to the evolution of the ERM Framework, including driving consistency in measurement and
methodology across risk management tools, and build out and maintenance of TCH Key Risk Indicators.
- Ensure the organization's risk profile as related to its activities and dependencies is in alignment with the TCH
Business Strategy and Risk Appetite.
- Monitor and analyze risks within the company's business units and report on these risks to the internal and
external risk committees of TCH, supervisors and other applicable internal stakeholders.
- Act as business subject matter expert for the design and implementation of strategic changes to the TCH GRC
- Help drive the ERM team in identifying, assessing, monitoring, communicating and reporting risk profiles and
matters to the applicable stakeholders.
- Ensure TCH’s Risk Culture is positively impacted through effective risk training and risk tools.
- Manage and develop junior team members and manage consultants as applicable.
- Support the Head of Enterprise Risk Management in implementing Risk Office goals for TCH.
- Work successfully in a collaborative and team-oriented environment which encourages diversity of thought
and open debate of ideas, must possess sound judgment and have the ability to function in a respectful
Physical Demands and Work Environment:
Work is generally sedentary in nature but may require standing and walking. The working environment is generally
favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by
noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
Travel may be required.
TCH places paramount importance on the health and safety of its employees, and, as such, we are taking all necessary steps to protect our workforce. Because this position may require business travel and/or working in close contact with colleagues and other third parties, TCH is requiring that the employee hired into this role present proof that they are fully vaccinated against COVID-19 during their first week of employment.
- A letter of interest describing your experience and interest in the position
- Your resume
- Names and contact information of three references, or three letters of reference
* Please submit a single application per position.