About this role
Direct the Enterprise Technology & Security (ETS) Risk function by defining and evolving technology risk strategies, frameworks, policies, and assessment methodologies. Serve as executive liaison for regulators and audits, oversee risk findings and remediation, and lead third-party risk management for critical service providers.
Key Responsibilities
- Lead and oversee Technology Risk Management function and team
- Develop and evolve technology risk management strategy/framework aligned to enterprise risk appetite and regulatory expectations
- Oversee identification, assessment, monitoring, and reporting of technology and security risks
- Serve as primary executive liaison for regulatory examinations, internal audits, and supervisory engagements
- Oversee Third-Party Risk Management and drive remediation of risk findings, regulatory commitments, and corrective action plans
Technical Overview
Exec-level technology and security risk management across systems, applications, infrastructure, and processes. Includes cloud and modern engineering platform risk oversight, with knowledge of shared responsibility models, identity and access management, cloud native security controls, and modern practices such as DevSecOps, CI/CD pipelines, and containerized workloads using Docker and Kubernetes.
Ideal Candidate
The ideal candidate is an executive technology risk leader who has directed enterprise technology and security risk management, including risk identification, assessment, monitoring, and reporting. They have strong regulatory and audit liaison experience, can mature risk frameworks aligned to enterprise risk appetite, and understand cloud security concepts (shared responsibility, identity and access management) and modern engineering practices like DevSecOps and CI/CD.
Must-Have Skills
Lead and oversee the Technology Risk Management functionDevelopimplementand continuously evolve a comprehensive technology risk management strategy and frameworkOversee identificationassessmentmonitoringand reporting of technology and security risksDefine and maintain technology risk policiesstandardscontrol librariesand assessment methodologiesPrimary executive liaison for regulatory examinationsinternal auditsand supervisory engagementsOversee portfolio of risk findingsregulatory commitmentsand corrective action plansLead oversight of Third-Party Risk Management for technology and security critical service provider relationships
Nice-to-Have Skills
Working knowledge of cloud services and architectures (AWS and Azure preferred)DevSecOpsCI/CD pipelinescontainerized workloads (Docker/Kubernetes)champion a strong risk aware and risk informed culture through educationengagementand communication
Tools & Platforms
AWSAmazon Web ServicesAzureDockerKubernetes
Required Skills
technology risk managementrisk identificationrisk assessmentrisk monitoringrisk reportingtechnology risk policiescontrol librariesassessment methodologiesenterprise risk appetiteregulatory examinationsinternal auditssupervisory engagementsexecutive level risk reportingRisk Committeesrisk findingsregulatory commitmentscorrective action plansThird-Party Risk Managementcloud servicesshared responsibility modelsidentity and access managementcloud native security controlsDevSecOpsCI/CD pipelinesDockerKubernetesAWSAzure
Hard Skills
technology risk managementtechnology and security risk identificationtechnology and security risk assessmenttechnology and security risk monitoringtechnology and security risk reportingrisk management strategyenterprise risk appetite alignmentregulatory expectations alignmentindustry best practicestechnology risk policiestechnology risk standardscontrol librariesassessment methodologiesrisk framework maturationregulatory examinations coordinationinternal audits coordinationsupervisory engagements coordinationexecutive level risk reportingrisk committees reportingrisk findings portfolio oversightregulatory commitments trackingcorrective action plans remediationThird-Party Risk Managementthird-party risk monitoringindustry trend monitoringemerging threats monitoringregulatory developments monitoringcloud services and architecturesshared responsibility modelsidentity and access managementcloud native security controlsDevSecOpsCI/CD pipelinescontainerized workloadsDockerKubernetesAWSAmazon Web ServicesAzureDevOpscybersecurity and security controls (implied by security domains)
Soft Skills
leadershipteam managementculture buildingaccountabilitycontinuous improvementexecutive advisoryrelationship management with regulatorsrelationship management with audit and governance bodiesstakeholder partnershiptranslation of complex risk landscapes into strategic guidancecommunication and education
Keywords for Your Resume
Technology Risk DirectorEnterprise Technology & Security (ETS) Risk Directortechnology risk managementrisk identificationrisk assessmentrisk mitigationtechnology and security risksrisk frameworkenterprise risk appetiteregulatory expectationstechnology risk policiescontrol librariesassessment methodologiesexecutive level risk reportingRisk Committeesrisk findingsregulatory commitmentscorrective action plansThird-Party Risk Managementregulatory examinationsinternal auditssupervisory engagementsindustry trendsemerging threatsregulatory developmentscloud servicesshared responsibility modelsidentity and access managementcloud native security controlsDevSecOpsCI/CD pipelinesDockerKubernetesAWSAmazon Web ServicesAzurerisk monitoring
Deal Breakers
Must be able to lead and oversee the Technology Risk Management function, Must have experience with technology risk policies, standards, control libraries, and assessment methodologies, Must have experience overseeing Third-Party Risk Management for technology and security critical service provider relationships
Get matched to jobs like this
Luna finds roles that fit your skills and career goals — no endless scrolling required.
Create a Free Profile