Sr. Operational Risk Officer - Technology/Cybersecurity

Location:

4910 Tiedeman Road - Brooklyn, Ohio 44144

Job Summary

Reporting to the Director, Technology Risk Oversight, this 2nd Line of Defense role will be part of the team supporting various support functions within Key Technology and Operations (KTOS) including Intelligent Automation, Contact Center and Investment Operations, Enterprise Technology Services and Enterprise Application Delivery and Support.

This role will be responsible for performing appropriate oversight to drive assurance that Key remains compliant with all applicable Technology Risk practices. As part of this oversight role, experience with technology delivery, application development, technology operations, enterprise architecture, technology governance, information security, and the ability to leverage that experience to identify material risks, provide credible challenge and assist in developing effective mitigation strategies.

Responsibilities

• Collaborate with leaders to gain insights on operational performance, emerging risks and strategic initiatives while identifying opportunities for improvement.
• Evaluate and monitor projects, strategic initiatives, and new technologies to ensure alignment with risk tolerance and business goals.
• Review risks, controls and, conduct assessments to support effective oversight and compliance with risk management requirements.
• Oversee the technology portfolio, assessing projects and initiatives to ensure alignment with risk appetite and adequate mitigation strategies.
• Support and enhance the overall risk oversight framework by developing and updating oversight practices.
• Partner with various teams to influence the implementation of operational practices to mitigate risk within appetite.
• Provide expert advice on risk management practices, offering practical solutions to mitigate identified risks.
• Analyze and assess risks associated with new products or services including third parties.
• Assist with audits and regulatory examinations, ensuring through and timely responses to inquiries and findings.
• Foster positive relationships with business partners and senior management ensuring open communication on risk matters.
• Escalate and report any significant risk issues and facilitate appropriate corrective actions.
• Perform ongoing monitoring of emerging risks, industry and regulatory trends.

Education Qualifications

• Bachelor's Degree (Or equivalent experience may be considered) (required)
• Minimum of 8-10 years industry experience, within Operational Risk, Enterprise Risk, Technology Risk, Information Security Risk, External/Internal Audit or in the technology or information security lines of business.
• Obtained at a minimum one of the following certifications:
  • ISACA: CISA, CRISC, CET, CGEIT, CISM
  • ISC2: CISSP, CCSP, SSCP
  • Cloud Security Alliance Certs: CCAK
  • Cloud Provider-Specific Certifications
• Outstanding active listening skills
• Demonstrated ability to work with internal and external auditors and regulators.
• Ability to think strategically coupled with the ability to drive to execution 
• Ability to view risk holistically within a dynamic, fast paced team environment
• In-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of compliance and legal requirements and operational processes.
• Familiarity with Microsoft Office tools such as Excel, Teams, and the proven ability to learn how to use other unique technologies.
• Capable of conducting in depth testing of systems, processes and controls
• Manage workflows and task assignment to ensure timely completion of work
• Have an execution oriented, process efficiency and continuous improvement mindset
• Possessing intellectual curiosity and a passion for seeking to understand
• Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices

Preferred Qualifications

• MBA, or other relevant advanced education in business, finance, technology, or economics
• Experience working in the financial services industry and or a second line oversight function for a financial institution
• Current and practical knowledge of Technology and/or Information Security activities, challenges, and workflows
• Additional industry certifications such as those listed above
• Foundational knowledge of Archer GRC preferred
• Project management, Agile experience preferred

Experience Qualifications

• 8+ years Experience in technology and information security (required)
• 5+ years Operational risk management, audit, operations, or project management or equivalent experience, strongly focused on process design, development, risks and controls (required)

Licenses and Certifications

• Applicable technology, information security and or risk management certifications.

Tactical Skills

• Demonstrated experience working with regulatory agencies, guidelines and requirements
• Strong ability to work with all levels of management within the company
• Experience working/managing projects across multiple functional areas and dealing with multiple business partners
• Experience working on initiatives that require strategic planning/thinking
• Flexibility to switch priorities based on the needs of the company in a fast-paced environment
• Ability to grasp complex processes quickly and be able to identify risks and compensating controls
• Excellent problem-solving abilities and results oriented; able to make decisions independently
• Proven ability to work as a team
• Strong leadership skills and ability to influence others
• Sound understanding of compliance and operational risks and internal control frameworks
• Strong analytical/research skills coupled with ability to effectively summarize findings
• Excellent oral, written and interpersonal skills
• Ability to adapt to change and communicate changing requirements
• Excellent organizational skills and meticulous attention to detail
• Self-motivated
• Proficient PC skills with experience in Microsoft Office, Outlook and, SharePoint

Personal Skills

• Adaptability: Demonstrates a willingness to listen to other opinions and adjusts to new or changing assignments, processes, and people while avoiding snap reactions
• Agile Mindset: Explains specific agile processes and its associated checkpoints and deliverables and applies major agile tools and techniques to accomplish tasks; understands that failures/defects equate to new learnings
• Collaboration: Demonstrates experience in participating in productive collaborative processes that help solve business problems and meet business goals
• Problem Solving: Demonstrates the ability to examine a specific problem and understand the perspective of stakeholders; uses fact-finding techniques to identify and document specific problems

Practical Skills

• Business Acumen: Participates in business tasks to get things done in own business unit and communicates key considerations for business decision-making processes
• Data Analysis: Identifies correlations that reveal trends and determine conditions, often with disparate data sets; Evaluates the quality of data collected and the effectiveness of data analysis methods for evaluating performance
• Oral & Written Communication: Possesses the ability to adapt listening and facilitation style to others’ communication styles and uses various approaches appropriately and effectively
• Risk Management: Implements or manages risk management for own business unit and documents key steps of the risk management process and associated procedures
• Systems Thinking: Analyzes the dynamics of a system to determine key characteristics, properties, and functions; surfaces problems within systems and searches for root causes while leveraging a foundational knowledge of continuous improvement

Core Competencies

• All KeyBank employees are expected to demonstrate Key’s Values and sustain proficiency in identified Leadership Competencies.

Physical Demands

• General Office - Prolonged sitting, ability to communicate face to face in person or on the phone with teammates and clients, frequent use of PC/laptop, occasional lifting/pushing/pulling of backpacks, computer bags up to 10 lbs.

Travel

• Occasional travel to include overnight stay.

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $115,000 to $150,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 12/12/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

#LI-Remote