Director, Technology Risk Management

About Us

Finance of America helps homeowners 55+ access the equity they’ve built while staying in full control of their home and their financial future. Through a range of reverse mortgage solutions, we help customers shape the retirement they’ve earned while continuing to evolve how we serve and work together.

Joining Finance of America now means stepping into a period of momentum and growth, with teams actively shaping what comes next and opportunities to make an impact and grow your career.

To learn more about us, visit www.financeofamerica.com

Purpose of Role

Responsible for leading the identification, assessment, and proactive management of technology risk across the enterprise, ensuring alignment with defined risk appetite, regulatory expectations, and business objectives. Drives a forward-looking, data-driven risk management approach across cloud, cybersecurity, AI, and third-party ecosystems, while embedding risk management into day-to-day technology and product decision-making. Partners across the enterprise to strengthen control maturity, enable responsible innovation, and provide clear, actionable risk insights to senior leadership.

Key Responsibilities and Expectations

Technology Risk Strategy & Governance

• Leads execution of the Technology Risk Management framework, aligned to industry standards (e.g., NIST CSF, FFIEC, SOX ITGC).
• Translates regulatory expectations into pragmatic, delivery-aligned controls and practices across Technology and Product teams.
• Drives definition, operationalization, and monitoring of technology risk appetite, tolerances, and KRIs.

Risk Identification, Assessment & Insights

• Oversees enterprise-wide identification and assessment of technology risks across: Cloud and Infrastructure, Cybersecurity and data protection, AI and emerging technologies, and Third-party/vendor ecosystems.
• Delivers data-driven risk insights and reporting, that clearly articulate risk posture, trends, and emerging risks to senior leadership.
• Evolves risk reporting from static outputs to forward-looking, decision-enabling intelligence.

Control Environment & Regulatory Compliance

• Drives continuous improvement of control maturity to meet regulatory expectations, including sustained SOX ITGC effectiveness.
• Partners with Technology teams to design and implement scalable, automated controls.
• Ensures timely and high-quality execution of regulatory exams, internal audits, and remediation commitments.

Issue & Remediation Management

• Oversees end-to-end issue management lifecycle, including identification, prioritization, root cause analysis, and sustainable remediation.
• Drives accountability for timely remediation of high-risk issues and reduction of aged items.
• Ensures systemic fixes over point-in-time remediation.

Technology & Process Enablement

• Leads adoption of automation and tooling to enhance risk identification, monitoring, and reporting 
• Evaluates and improve end-to-end technology processes to reduce risk, increase resilience, and enhance operational efficiency.
• Promotes integration of risk management into SDLC, product development, and change management processes.

Emerging Risk & Innovation Oversight

• Establishes governance and risk oversight for AI and emerging technologies, ensuring alignment with internal standards and evolving regulatory expectations.
• Assesses risks associated with new technology initiatives and provide actionable guidance to enable safe adoption.

Stakeholder Engagement & Leadership

• Serves as a trusted partner to Technology and Business leaders to proactively manage risk.
• Leads engagement with Internal Audit, External Audit, and second line of defense functions.
• Builds and develop a high-performing team, fostering a culture of ownership, transparency, and continuous improvement.
• Performs other duties as assigned.

Reports To

• VP, Technology Risk Management

Direct Reports

• (1-3) Direct: Technology Risk Management team members

Qualifications - Experience/Skills/Competencies

• Minimum 10 years of experience in Technology Risk, Cybersecurity, IT Audit or related disciplines within financial services or regulated environments.
• Proven experience operating in or alongside first line technology functions, with strong business partnership orientation.
• Demonstrated success in evolving risk programs to strategic, insight-driven functions.
• Deep understanding of technology risk domains, including: Cloud and infrastructure risk, Cybersecurity and data protection, Third-party/vendor risk, and AI/emerging technology risk.
• Strong knowledge of regulatory frameworks (FFIEC, NIST CSF, SOX ITGC).
• Ability to translate complex technical risks into clear, concise executive-level reporting.
• Strong judgement, with the ability to balance risk management with business enablement.
• Proven ability to lead and develop high-performing teams.
• Strong stakeholder management skills, with experience engaging senior leadership and regulators.
• Able to drive accountability, foster collaboration, and promote a culture of continuous improvement.

Qualifications - Education - Required

• Bachelor's Degree

Qualifications - Education - Field(s)/Profession(s)

• Relevant certifications (e.g., CISA, CRISC, CISSP).

Compensation

The base salary range for this position is ($150,000 - $200,000) inclusive of all geographical differences in the labor market. The base salary for the position will be determined based on factors such as the candidate’s work location, skills, education, and experience. In addition to those factors, we believe in the importance of pay equity and consider the internal equity of our current team members in determining any final offer. We offer a competitive benefits package including health, dental, vision, life insurance, paid time-off benefits, flexible spending account, 401(k) with employer match, and ESPP.

Additional Information

The application deadline for this job opportunity is 7/1/2026.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. 

Finance of America is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sex (including pregnancy), sexual orientation, religion, creed, age, national origin, physical or mental disability, gender identity and/or expression, marital status, veteran status or other characteristics protected by law.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.