Director, IT Risk Management
It's fun to work in a company where people truly BELIEVE in what they're doing!
Job Summary
The IT Risk Director is responsible for overseeing the global development, implementation and maintenance of the IT Risk management program in alignment with the established risk management framework, policies, and regulatory requirements across all business units and the banks. The IT Risk Director sets and determines the IT Risk Program's strategies and areas of focus for the company. As a leader, the IT Risk Director and their reports are responsible for the oversight and execution of the IT Risk Strategy as a 2nd line of defense function. This role is lead on ensuring FDIC regulatory compliance for IT risk. The IT Risk Director interacts with Sr. Leadership and risk committees and provides confidential assessments on IT risk and reports to the Chief Operational Risk Officer.
Job Description
Essential Job Functions
Leadership and Development – Lead a team of IT risk professionals of various experience levels and the evolution of their respective areas of responsibility. Hire and train new staff, conduct performance reviews and utilize subject matter expertise to guide and coach team members. Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied within the department and throughout IT. Identify and understand drivers for change and act as a champion. Partner with IT leaders to deliver those changes. Demonstrate ability to lead in a team-fostered, fast-paced, multi-threaded environment, and able to effectively delegate and accomplish efforts through others.
Delivery - Responsible for understanding and promoting IT risk awareness and technology risk management strategy for the company and banks. Designs and implements global assessment and assurance strategies for IT risk management based on a strong IT background. Facilitates and coordinates IT risk assessments and benchmarking for infrastructure, cloud, System Delivery Lifecycle (SDLC), application hosting, IT vendors and web presence. Maintains up-to-date knowledge and understanding of technology trends, infrastructure vulnerabilities and business dependencies on IT strategy. Strengthens the IT environment through a close working relationship with IT senior leadership (CIO, CISO, etc.), deep understanding of the IT strategy, participation in advisory requests, and innovative thought leadership on emerging IT risks and issues.
Strategy - Develops IT Risk Strategy annually and drives the roadmap of risk assessments to continually measure progress. Manages the IT Risk Assessment Program and assures IT adhere to the ERO framework. Serves as lead from ERO to multiple IT Committees to influence strategy and assure growth through risk mitigation. Benchmarks business units to a common IT Risk register to assure quality and consistency globally. Provides confidential reports to Sr. Leadership and risk committees as business needs dictate.
Collaboration - Coordinates IT risk management across the enterprise; facilitate creation and communication of new or updated IT risk management plans, including the policy documentation. Collaborates with IT leadership to both understand needs, practices and expectations, as well as negotiate solutions that support IT risk management goals. Provides subject matter expertise in and oversight of the design and execution of IT reviews and testing. Functions as an ambassador to IT and senior leadership and provides guidance on prioritization for successful risk outcomes to improve quality and meet regulatory compliance.
Subject Matter Expertise – Intermediate to advanced knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling. Intermediate knowledge of regulatory bodies and corresponding compliance requirements including, but not limited to PCI-DSS, SOX, GLBA, CCPA, GDPR. Intermediate to expert knowledge of control frameworks including, but not limited to: FFIEC Examination Handbooks, NIST 800-53, ISO 27001. Intermediate knowledge of Cyber Security Maturity Frameworks such as NIST-CSF and FFIEC Cyber Assessment Tool.
Reports to: Chief Operational Risk Officer
Working Conditions/ Physical Requirements: Normal office environment
Direct Reports: Yes
Minimum Qualifications:
Bachelor’s degree or equivalent experience in Management Information Systems, Computer Science, Data Science. IT Certifications related to Risk, Audit, Info Sec, or Privacy e.g., CISSP, CISM, CISSP, CDPSE.
Ten or more years of experience in Technology Risk, or Control Management/Assessments; or Technology Audit experience. Knowledge of IT infrastructure and application development. Experience with IT risk and control frameworks and leveraging them to ensure completeness of analysis around IT risk identification and control strength assessment. IT risk management.
Preferred Experience:
Certification: Recognized ERM professional certifications.
Ten or more years of experience with Depth in Data Management including Data Protection and Data Governance.
About Bread Financial
At Bread Financial, you’ll have the opportunity to grow your career, give back to your community, and be a part of our award-winning culture. We’ve been consistently recognized as a best place to work in many markets and we’re proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled—both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression.
Bread Financial is a tech-forward financial services company providing simple, personalized payment, lending and saving solutions. The company creates opportunities for its customers and partners through digitally-enabled choices that offer ease, empowerment, financial flexibility and exceptional customer experiences. Driven by a digital-first approach, data insights and white-label technology, Bread Financial delivers growth for its partners through a comprehensive product suite, including private label and co-brand credit cards, installment lending, and buy now, pay later (BNPL). Bread Financial also offers direct-to-consumer solutions that give customers more access, choice and freedom through its branded Bread CashbackTM American Express’® Credit Card and Bread SavingsTM products.
Formerly Alliance Data, Bread Financial is an S&P MidCap 400 company headquartered in Columbus, Ohio, and committed to sustainable business practices powered by its 6,000+ global associates.
- Bread Financial offers competitive pay, a comprehensive selection of benefit options including 401(k).
- The Company is an Equal Opportunity Employer.
- Any applicant offered employment will be required to establish that they are legally authorized to work in the United States for the Company.
- The Company participates in E-Verify.
- The Company will consider for employment all qualified applicants, including those with a criminal history, in a manner consistent with the requirements of all applicable federal, state, and local laws, including the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act. Applicants with criminal histories are encouraged to apply.
- The Company complies with the Americans with Disabilities Act (ADA), as amended, and all applicable state/local laws. The Company will provide accommodations to applicants needing accommodations to complete the application process. Applicants with disabilities may contact the Company to request and arrange for accommodations. If you need assistance to accommodate a disability, you may request an accommodation at any time. Please contact the Recruiting Team at [email protected].
Disclosure of COVID-19 vaccination status will be required after acceptance of a conditional offer of employment except where prohibited by applicable law. Starting January 2022 and to the extent allowed by applicable law, the Company will require all associates who will be on-site or who will travel or interact with others in person as part of their job duties to either be fully vaccinated against COVID-19 or undergo at least weekly testing. The Company is an equal opportunity employer and will consider reasonable accommodations where required by applicable law.
Job Family:
Information Technology
Job Type:
Regular