This job has expired, please see additional jobs below
Sr Director, Technology Risk & Controls
Lending Club
San Francisco, CA, United States
The Senior Director, Technology Risk & Controls will direct Lending Club’s efforts to develop and promote the technology oversight framework and manage the controls for technology-related risk management activities. In this role, your responsibilities will include defining and maintaining risk frameworks, defining and monitoring for compliance against 2nd Line of Defense technology risk management policies and standards, monitoring and reporting aggregated risk and risk response, performing risk review and evaluation to identify and respond to risks and enable business objectives and decision making, and driving continuous improvement of risk management capabilities across businesses and divisions. You’ll support the VP, Technology Risk & Controls to maintain and improve technology management and oversight, and you’ll lead a team. You’ll understand technology risks by analyzing, anticipating and tracking the evolving risk. Furthermore, you’ll be accountable for reviewing and synthesizing metrics and reports and sharing information and trends with key business leaders.
Job description:
Technology Risk Identification, Assessment and Evaluation:
• Identify, assess and evaluate technology risk to enable the execution of the enterprise risk management strategy
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization, while evaluating their impact on business objectives
• Develop a risk awareness program and conduct training to ensure that business partners understand risk and participate in the risk management process and to promote a risk-aware culture
• Identify legal, regulatory and contractual requirements and organizational policies and standards associated with technology systems/applications to determine their potential impact on the business objectives
• Identify and evaluate risk response options and provide management with information to enable risk response decisions
Technology controls consulting & monitoring:
• Review technology policies, standards and procedures to verify that they address the company's internal and external requirements.
• Maintain an enterprise technology inventory to assure implementation and oversight of controls for all technology.
• Evaluate the current state of technology controls using a maturity model to identify the gaps between current and targeted controls maturity.
• Define the approach to correct technology control deficiencies and maturity gaps to guarantee that deficiencies are appropriately considered and remediated.
• Consult with process owners on design and implementation of technology controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives
• Monitor technology controls and conduct testing to ensure they function effectively and efficiently
• Provide technology control status reporting to relevant partners to enable informed decision making
• Facilitate the identification of metrics and Key Performance Indicators to qualify the measurement of technology control performance in meeting business objectives
• Monitor and communicate Key Risk Indicators (KRIs) and management activities to assist relevant partners in their decision-making process
• Ensure that all technology-related policies and procedures comply with regulatory requirements
Requirements/qualifications:
• Bachelor's degree or equivalent in Business, Economics, Finance, Technology, Accounting or equivalent
• 8+ years of experience in a technology or information security-related field - financial/banking industry experience preferred
• Practical experience in internal/external audits, risk management - methods and techniques for the assessment and management of risk
• Experience in vulnerability assessment, security incident response and application security preferred
• Be able to summarize and communicate technical data to a non-technical audience.
• Ability to work in a collaborative environment
• Ability to take ownership of initiatives and issues and manage them to completion
• Able to create and analyze reports for a diverse group of partners
• Excellent verbal and written communication skills and excellent interpersonal skills
• Knowledge and skills across: COSO; ISACA Risk IT framework; ISACA COBIT 5.0; ISO 31000-series and 27000-series, 13335; NIST Cybersecurity framework
• Technical qualifications such as MIRM, CRISC, CISM, CISA, CISSP, or GIAC are preferred