Chief Technology Risk Officer
Cenlar

The Chief Technology Risk Officer reports directly to the Chief Risk Officer. The position supports Cenlar's second-line risk management functions, particularly as they relate to Information Technology and to Information Security and Cyber Security practices. Specifically, this position ensures appropriate governance over information risk and the technology resources supporting Cenlar's businesses within a regulatory-compliant and risk-managed framework. The Chief Technology Risk Officer establishes and maintains the Technology Risk framework and methodology, which will be aligned with Cenlar's enterprise-wide risk management philosophy. This position documents and maintains the Technology and Security Risk governance methodology, Technology and Security risk management policies and standards, and associated procedures. Additionally, this role manages and oversees related risk assessments, testing, and reporting process. The Chief Technology Risk Officer develops the requisite for security controls and measures and leads Cenlar's Security Program with the Chief Information Security Officer (CISO).

Responsibilities:

General

• Supports the assessment of Technology and Security maturity and risk and support the efforts to establish strategic and tactical plans and the development of 1-3-5 year roadmaps
• Designs new technology and security controls and control processes for use across the organization as needed; facilitates the deployment and adoption of new controls or control processes
• Monitors the comprehensiveness and appropriateness of key Technology and Security risk and control related data and escalate concerns with data owners as appropriate
• Reviews results of the RCSA process as they related to technology controls and ensure action plans to remediate identified issues are appropriate
• Maintains regular contact with business units to ensure awareness of current initiatives and business requirements
• Leads ongoing mandatory Security Awareness training to educate employees about technology and security best practices
• Ensures management awareness and governance around technology risks and controls, including regular reporting
• Escalates technology or security concerns or exceptions to CRO as appropriate
• Identifies specific technology and security needs and discuss and resolve in partnership with CRO and Technology leadership
• Interfaces with Technology leadership on a regular basis to provide guidance on Technology Risk related issues
• Supports annual budget planning for Technology and Security Risk programs and initiatives. Audit and Regulatory Management
• Supports Internal Audit activity which includes responding to audit requests, providing status updates to management, responding to audit findings, and monitoring the progress of audit issues and remedial actions
• Assists in Regulatory exam requests as they pertain to Technology and Security which includes interacting directly with examiners, responding to regulatory requests, providing status updates to management, responding to regulatory examination findings, and monitoring the progress of regulatory examination issues and actions.

Policies, Standards, and Procedures

• Monitors Technology's compliance with enterprise-wide policies and standards, which includes reviewing relevant metrics and compliance reports
• Develops Technology-specific policies, standards, and associated procedures as needed. Additionally, coordinate the implementation and adoption of new or updated Technology policies, standards, and associated procedures as needed
• Facilitates the identification and remediation of any gaps identified during regular monitoring and/or risk assessments
• Reviews and recommends approval to exceptions of any applicable Technology and Security policies, standards or procedures

Risk Management

• Implements and maintains the Technology risk management framework, which aligns with Cenlar's enterprise-wide risk management framework
• Develops and implements second line Technology and Security testing protocols
• Develops, performs, and report Technology system risk assessment and gap analysis and design remediation plans as necessary
• Participates in and provide oversight to the Business Continuity Planning ("BCP") process and annual testing of the BCP
• Participates in the vendor risk assessment process, focusing on providing challenge for the initial due diligence and ongoing monitoring of technology and security risks
• Reports overall Technology and Security risk position to the Management Risk Committee and Board Risk Committee as appropriate
• Appropriately assess risk when business decisions are made, include but not limited to compliance and operational risk. Demonstrate consideration for Cenlar's reputation as well as our clients, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards
• Ensure all activities are in accordance with Cenlar's approved risk appetite statement and applicable compliance and regulatory requirements.

Qualifications:

• Bachelor's Degree or equivalent experience
• Master's Degree preferred
• Minimum of 15 years of Technology Risk Management and/or Technology Audit related activities in the financial industry. CISSP accreditation preferred
• Thorough understanding of regulatory standards for Cyber and Information Security and FFIEC Technology Examiners Handbook related requirements
• Ability to provide constructive challenge and appropriate issue escalation
• Excellent technical, analytical, and communication skills. Must be effective with individual contributors, teams and executive leadership
• Results oriented

---