Senior Managing Director, Information Risk Management
CT Stamford HQ, United States
Full Time Senior-level / Expert USD 220K - 235K
Webster Bank
Webster provides personal & commercial banking solutions to communities and businesses throughout the New York Metro area. If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, and Excellence are Webster’s values; these set us apart as a bank and as an employer.
Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!
Position Summary
The SMD, Information Risk Management is responsible for the overall design, development, and implementation of the Information Risk Management Framework for Webster Bank and its subsidiaries. The leader chairs the Info Risk Committee of the Bank, is a member of the Enterprise Risk Management Committee, and regularly reports to the Risk Committee of the Board. The function is responsible for establishing the Information Risk Management Framework and policies and ensuring the bank has the processes and controls in place to comply with banking laws and regulations for existing and new activities. The team provides advice and guidance to the first line for process and control enhancements. The leader engages actively with senior managers and executives across the company and acts as a key point of coordination and communication with the regulators.
Key Responsibilities
Implement and execute the Enterprise Risk Management framework for Webster Technology.
Establish necessary policies and associated standards for Information Technology Risk. Collaborate with the CISO for Information Security and Business Continuity policies.
Oversees all regulatory exams in Webster Technology. Ensure process owners maintain appropriate documentation such that Webster Technology is always exam ready.
Manage all policy exceptions and risk acceptances within the risk governance framework, ensuring appropriateness and periodic review.
Lead the development of integrated and automated Webster Technology risk reporting processes to enable firm-wide aggregation of material risks, issues, KRIs and other data as may be required. Report on a regular basis through appropriate committees.
Lead the identification of material risks associated with Webster Technology activities in collaboration with IT, and the establishment of necessary operating procedures and technical standards to mitigate these risks and comply with policies and standards.
Manages the education of process owners on control design, self-assessment processes, control testing, and identifying KPIs and KRIs.
Maintains overall Webster Technology process taxonomy. Leads the integration with the central GRC platform.
Leads the organization to adapt risk and audit processes and practices to align to an agile operating model.
Influences and partners in defining enterprise-wide risk appetite for appropriate risk types.
Single point of escalation to the second line for non-compliance to policies and standards. Monitor the status of issues owned by Webster Technology to ensure timely resolution.
In partnership with legal and compliance, monitor for new legal requirements and communicate across Webster Technology as required. Monitor progress toward implementation.
In collaboration with the second line, monitor for new regulatory guidance associated with Webster Technology activities.
Collaborate with enterprise risk management and legal to document management responses to regulatory exam findings.
Education, Experience and Skill Requirements
Bachelor's degree in related field required.
15+ years of experience in Risk or Audit functions in a banking environment.
10 years of experience in leadership and IT project management.
Management and synthesis of complex and potentially conflicting data into simple, actionable reporting.
Strong familiarity with technology, and an aptitude for learning emerging technologies and how regulatory requirements may evolve.
Strong written and verbal communication skills – ability to collaborate and communicate up/down and across the organization with internal/external partners.
Ability to plainly describe risk concepts to first line operational personnel.
Ability to resolve conflicting opinions without compromising high quality risk management.
CISA or CISSP desired.
The estimated salary range for this position is $220,000 USD to $235,000 USD. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Tags: Agile Banking CISA CISO CISSP Compliance Governance KPIs Risk management RMF
Perks/benefits: Career development