Sr. Resiliency Operational Risk Officer

Location:

Job Summary
The Senior Manager - Resiliency Risk Oversight position is a 2nd Line of Defense risk management role reporting into the Director, Resiliency Risk Management Oversight.

This position is responsible for Operational Risk oversight of the KeyBank Technology and Operations Services line of business, as well as technology and information security risk oversight for areas of the enterprise that manage technology. As part of this oversight role, experience with business continuity, operational resilience, disaster recovery, risk governance and the ability to leverage that experience to identify material risks, provide credible challenge and assist in developing effective mitigation strategies.

Responsibilities include providing guidance and oversight on current and emerging legal, regulatory, and operational risk issues, monitoring and measuring operational risk performance, and reviewing and challenging strategy (initiative, products, third parties, clients), and other operational risk activities associated with line of business risks, control design & implementation, testing, remediation, loss analysis, key risk indicators/metrics.

Essential Job Functions

• Perform regular monitoring of a series of reports, trigger events, emerging technologies, industry trends and other items in order to identify emerging risks
• Evaluate major projects, strategic initiatives and new products for technology and information security risks
• Evaluate risk and control identification within key processes and perform gap assessments on control coverage as well as first line of defense identification processes
• Evaluate enterprise resilience, technology and information security program's portfolios of projects, improvement efforts and strategic initiatives to ensure adequate investment in risk mitigation efforts in alignment with our risk tolerance and appetite
• Assist in building, maintaining and executing against a cyclical schedule of independent, risk-based assessments focused on business continuity, disaster recovery, incident management and response, and crisis management.
• Engage with 1st LOD teams to understand their point of view on performance of their operations, emerging risks and strategic opportunities and initiatives.
• Responsible for primary execution of Operational Risk oversight and help guide and influence implementation of operational policies and/or procedures to mitigate risk within appetite.
• Provide authoritative and consultative advice and support to management utilizing independence yet providing pro-business solutions.
• Analyze and provide feedback around risks associated with the offering of new and/or enhanced products, services, processes, business initiatives and outsourced third party activities.
• Respond to internal and external audits, regulatory exams and requests for information and provide review & challenge of any line of business responses to internal and external audits. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses.
• Develop and maintain positive working relationships with internal clients, staff, peers, other risk partners, and LOB senior management.
• Escalates promptly to appropriate senior management or appropriate risk committee any material breaches of applicable laws, rules, policies or standards with actual or potential operational risk impact, and necessary correction action.
• Manage 2nd LOD requirements related to the Governance, Risk & Compliance application and Risk Assessment Processes.
• Other duties as assigned

REQUIRED QUALIFICATIONS

• Bachelor's degree in business, finance, technology, or economics or commensurate/relevant degree is required.
• Minimum of 5 years industry experience, within Operational Risk, Enterprise Risk, Technology Risk, Information Security Risk, External/Internal Audit or in the resiliency, technology, or information security lines of business.
• Obtained or actively studying for at least one of the following certifications:
  • ISACA: CISA, CRISC, CET, CGEIT, CISM
  • BCI: CBCI
  • DRI: CBCP
  • CIS: ISO22301 CBCM
• Outstanding active listening skills
• Demonstrated ability to work with internal and external auditors and regulators.
• Ability to think strategically coupled with the ability to drive to execution
• Ability to view risk holistically within a dynamic, fast paced team environment
• In-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of compliance and legal requirements and operational processes.
• Familiarity with Microsoft Office tools such as Excel, Teams, and the proven ability to learn how to use other unique technologies.
• Capable of conducting in depth testing of systems, processes and controls
• Manage workflows and task assignment to ensure timely completion of work
• Have an execution oriented, process efficiency and continuous improvement mindset
• Possessing intellectual curiosity and a passion for seeking to understand
• Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices

PREFFERED QUALIFICATIONS

• MBA, Law Degree or other relevant advanced education
• Current and practical knowledge of Technology and/or Information Security activities, challenges, and workflows
• Additional industry certifications such as those listed above
• BS or Masters in Technology or Security related field
• Foundational knowledge of Archer GRC preferred
• Project management, Agile experience preferred

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $105,000 to $125,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.