Director, Information Risk

If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster’s values, these set us apart as a bank and as an employer.  

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

Position Summary

The purpose of this 2nd line role is to mature our Risk Management practices and meet heightened regulatory expectations.  This role will help ensure effective IT controls and management of Technology Risk, in accordance with our ‘Safe & Resilient Environment’ focus area.  This role will assist to develop and implement our second line review and challenge.  They perform review of risks and controls, tracking of issues and acceptances, some testing of controls, reports on results, and supports the Second Line mandate to perform effective challenge, monitoring and oversight. The work done by this individual will be relied upon by ERM / IA / SOXPO, reducing the burden within IT.

Key Responsibilities

• In collaboration with IT process owners, lead the identification of material risks associated with Webster Technology activities, and the establishment of necessary operating procedures and technical standards to mitigate these risks and comply with policies and standards.

• Provide effective review and challenge and/or design, implementation, and execution of the Information Technology Risk Management framework/s and relevant controls.

• Liaison between second line and third line. Support or review requirements for internal audits, external audits, and regulatory exams.

• Coach, review and challenge process control designs, self-assessments (RCSA), input and track risk acceptances, and perform control testing. Provide guidance to and coordination with all constituencies. Identify enterprise trends, synergies, and opportunities for change.

Requirements

• 8+ years of experience in Risk or Audit functions, preferably in a banking environment

• Bachelor’s degree, advanced degree preferred

• CISA, CRISC, CISSP or other auditing or risk management certification preferred

• Strong risk management skills in field such as Enterprise or Operational Risk, Internal Audit, or Information Security Risk Management.

• Ability to plainly describe risk concepts to first line operational personnel.

• Synthesis of complex and potentially conflicting data into simple, actionable reporting.

• Familiarity with technology, and an aptitude for learning emerging technologies and how regulatory requirements may evolve. 

• Able to build successful relationships with all levels of staff and management, ability to collaborate and communicate up/down and across the organization with internal/external partners.

Soft Skills

• Problem Solving: Someone who is naturally curious, who can find creative solutions to effectively address auditor needs and implement in an impactful way

• Adaptability: Need to be able to work in a dynamic environment with shifting priorities, must be detail oriented with a systems mindset, and have strong project management / organizational skills

• Initiative: Make continuous progress on the things that matter without specific instructions; find more effective or efficient solutions to existing problems

• Communication: Excellent oral and written communication skills, and able to translate complex technical terms into simple business language

• Project Management: Able to lead multiple and/or complex projects and track status to completion, within given constraints

The estimated salary range for this position is $150,000 USD to $175,000 USD. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

#LI-RK1

#LI-Hybrid

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.