Senior Managing Director, IT Front Line Controls Officer
NY 360 Lexington Ave, United States
Full Time Senior-level / Expert USD 225K - 300K
Webster Bank
If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, and Excellence are Webster’s values; these set us apart as a bank and as an employer.
Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!
Position Summary
The IT Front Line Controls Officer (SMD) at Webster Bank will play a critical leadership role in overseeing and strengthening the bank’s control environment. The IT Front Line Control Officer will be responsible for the strategic and day-to-day oversight of technology-related risk management and control practices across the entire organization. This role will lead a team that works closely with IT, operations, Front Line Units (FLUs) and Front Line Control Officers (FLCOs) to ensure robust control frameworks that meet industry best practices, compliance with regulatory requirements, and alignment with Webster Bank’s overall risk appetite. The IT Front Line Control Officer will report directly to the Chief Controls Officer and is expected to provide thought leadership, guidance, and direction to enhance the bank’s risk and controls posture. The ideal candidate will bring significant expertise in technology risk, operational risk, enterprise risk, internal audit, internal controls and testing within the banking sector. This individual will also be involved with strategic and transformational initiatives and the delivery of critical, large-scale, complex, high-visibility, regulatory remediation programs.
Key Responsibilities
- Strategic Oversight: Manage strategic and day-to-day oversight of technology-related risk management and control practices across the entire organization, including management of the IT Front Line Control Office team.
- Stakeholder Engagement & Advisory: Collaborate with various business, IT, and operational teams to promote a strong risk culture, offering guidance on control design and risk mitigation strategies. Serve as the primary liaison between the Chief Controls Officer, front line units, and external auditors/examiners on technology control matters.
- Control Framework Development & Oversight: Design, implement, and maintain IT control frameworks, ensuring alignment with industry best practices (e.g., NIST, COBIT, COSO) and regulatory standards. Oversee ongoing control assessments to facilitate timely remediation of identified gaps.
- Risk Identification & Management: Partner with IT and Front Line Unit stakeholders to identify emerging technology risks, evaluate potential impacts, and develop mitigation strategies. Drive continuous monitoring of key risk indicators (KRIs) to maintain proactive identification and resolution of risk areas.
- Policy & Regulatory Compliance: Ensure adherence to internal policies, regulatory requirements, and cybersecurity standards applicable to the bank’s technology environment. Coordinate with the Legal and Compliance teams to stay abreast of new or changing regulations and provide guidance to front line units.
- Controls Design & Inventory: Design and implement effective controls to mitigate identified risks, providing recommendations for improvement where necessary.
- RCSA Program Management: Lead the execution and documentation of RCSA processes across the IT Front Line Units (FLU) to ensure they align with regulatory requirements and industry best practices. Assist with designing and enhancing the RCSA program, ensuring compliance with internal policies, industry best practices and regulatory requirements.
- Risk Assessment: Coordinate and facilitate risk assessment workshops and activities to identify potential risks and control gaps. Analyze risk data to assess the likelihood and impact of risks on the bank’s operations.
- Proactive Oversight: Ensure proactive identification of potential control issues and deficiencies, determine root causes, and develop and execute on necessary remediation plans.
- Team Leadership & Development: Supervise and mentor a team of IT control professionals, setting performance expectations, providing regular feedback, and fostering professional growth. Promote a culture of accountability, collaboration, and continuous learning within the team and across front line units.
- Reporting & Communication: Prepare comprehensive reports for senior management, regulatory bodies, and board committees with clear insights into IT risk exposure and control effectiveness, and action plans for identified gaps. Exceptional written and verbal communication skills, with the ability to clearly convey technical risk concepts to non-technical audiences and executive leadership.
- Training & Awareness: Lead training sessions to enhance staff understanding of IT risk management principles, control processes, and RCSA responsibilities. Promote a proactive risk management culture through continuous education and awareness initiatives.
- Continuous Improvement: Evaluate and improve the overall risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
- Audit & Regulatory Coordination: Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available. Act as a liaison between the business and regulators, providing transparent and comprehensive updates on the risk management program.
- Risk Management: Collaborate with senior leadership and department heads to identify and evaluate key risks, implement risk control measures, and monitor risk mitigation efforts.
- Governance: Oversee regular governance forums to ensure timely escalation, decision-making, and resource allocation for risk remediation activities.
Requirements
Education:
- Bachelor’s degree in Finance, Accounting, Business Administration, or a related field.
- Advanced degree and/or preferred industry-recognized certifications:
  - CISA (Certified Information Systems Auditor)
  - CISSP (Certified Information Systems Security Professional)
  - CRISC (Certified in Risk and Information Systems Control)
  - CGEIT (Certified in the Governance of Enterprise IT)
  - (Any combination of these certifications or equivalent professional designations is highly desirable.)
Experience:
- Minimum of 15 years progressive experience in technology risk, enterprise risk, operational risk, cybersecurity, or internal audit within the banking or financial services industry.
- Substantial experience leading first line technology risk programs, design and execution of risk management frameworks, RCSA and control testing, or similar internal audit testing programs.
Knowledge:
- Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
- Strong understanding of IT governance frameworks (e.g., NIST CSF, COBIT), as well as relevant regulations (e.g., FFIEC, SOX, GLBA).
- Demonstrated ability to analyze complex technological environments and design appropriate control mechanisms.
- In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.
Skills:
- Analytical & Problem-Solving Abilities: Adept at synthesizing information from multiple sources, evaluating root causes, and proposing data-driven solutions.
- Collaboration & Influencing: Proven ability to build strong partnerships across cross-functional teams, influencing stakeholders to adopt best practices and risk mitigation strategies. Comfortable navigating a matrixed environment, balancing competing priorities effectively.
- Excellent verbal and written communication abilities, with the capacity to present complex information clearly.
- Ability to influence senior stakeholders and build effective working relationships across business units and lines of defense.
- Strategic thinker with attention to detail and operational acumen.
- Strong commitment to quality and continuous improvement.
- Proficiency in risk management software and data analysis tools.
The estimated salary range for this position is $225,000 to $300,000. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Tags: Audits Banking CISA CISSP COBIT Compliance CRISC FFIEC Finance GLBA Governance Monitoring NIST Risk assessment Risk management SOX
Perks/benefits: Career development