• Manage the accountability and oversight of the risk assessment process, ensure assessments are completed in a timely manner, are appropriately scoped, and provide assurance through independent review and challenge of management control testing, including applications, data centers, databases, and infrastructure.
• Have primary responsibility for architecting the risk assessment methodologies and systems to ensure all necessary inputs, modules, and reports are implemented to automate to the extent reasonably possible.
• Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes; perform gap analysis.
• Perform independent categorization and aggregation of technology risks identified by the first line of defense, and provide a thematic view of risk across the enterprise.
• Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.
• Track regulatory compliance and maintain up to date records of requirements and corresponding mitigating controls.
• Ensure that CNB's IT framework, policies, and standards comply with regulations; work with the relevant Framework and Policy Committee(s) when policies need to be updated or created.
• Work with business units to ensure controls are effective and appropriately address the relevant regulatory and security requirements they address.
• Complete credible challenge and oversight of the first line of defense (the business functions) as a member of the second line of defense.
• Coordinate with other compliance functions – like Audit, Legal, Enterprise Risk, and Privacy – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
• Create presentations, briefings and communications on technology risk issues for a variety of internal and external stakeholders.

Must-Have*

• Bachelor's Degree In computer science, cyber security, information technology, information security, or related field
• Minimum 7 years of experience in Cyber and Technology risk assessment and analysis
• Minimum 4 years of experience with eGRC or equivalent risk or security management system
• Minimum 4 years working for a bank or financial institution

Skills and Knowledge

• Prefer experience in a Risk Management (2LOD) department along with at least 4 years in banking or financial services, or equivalent experience in a consulting capacity
• Prefer experience with internal control frameworks for information technology, information security, IT governance frameworks, and conducting and analyzing cyber and technology risk assessments.
• Demonstrate knowledge and aptitude for methods for scoring, calculating, and quantifying risk.
• Must be able to effectively articulate ideas through verbal and written communications.
• Experience with MS Excel, Word, PowerPoint, and eGRC systems, such as Archer or RSAM
• Prefer certifications: CISSP, CISA, CSIM, CGEIT, CRISC, FAIR or related certifications
• Prior experience analyzing and applying regulatory requirements to security practices
• Familiarity with changes and trends in the regulatory landscape
• Demonstrated organization, facilitation, communication, and presentation skills
• Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interdependencies
• Experience in designing and executing management testing of key controls, evaluating controls for design effectiveness, operating effectiveness, and efficiency.

#LI-LK1

#GD-LK

#CA-LK