Senior IT Risk Officer (Remote - NJ, NC, AZ, VA)

This is a remote role that may be hired only in NC, AZ, NJ, VA.

**Remote with ability to travel to Raleigh, North Carolina, Phoenix, Arizona or Morristown, New Jersey, on an as needed basis.

This role will be responsible for working across the core and supporting functions of Cyber Security to develop and implement risk solutions for Identity and Access Management to ensure the Bank's continued stability and success. Partners with Senior Leadership and their teams to identify risks in an open, collaborative environment where ideas are vetted, and risks are documented for visibility and awareness. Responsible for providing proactive guidance and sharing technology industry risk best practices to one or more IT Business Units. Demonstrate expertise on IT Business Unit functions regarding potential issues and risks. Advocate for the IAM Business Unit through regular interaction with lines of defense (LOD) partners and regulatory agencies. Consult on the design and implementation of appropriate controls to mitigate risks to an acceptable level. Manage key risk activities and work with stakeholders on new and changing risk programs.

• Risk Consulting - Provides objective oversight of risks through a best-in-class consultative approach using defined methodologies and subject matter expertise. Provides leadership, consultation, and support for risk management. Fosters business unit relationships and implements training to promote engagement in risk management programs, including compliance with all risk policies and standards. Assist with the creation and delivery of presentations, workshops, and other materials as necessary to communicate risk management tactics. Guide and mentor less experienced associates in the department. Provide support for business programs, initiatives, and leaders. Serve as a consultant on risk best practices, processes, and regulatory requirements. Provides advisory services, preparation, and on-time deliverables during internal or regulatory audits and remediation efforts. Facilitates reporting and interdepartmental collaboration. Raise attention to Leadership concerning risk areas with potential adverse perceptions of the BU.
• Support Risk and Control Self-Assessments (RCSA) - Coordinate with Technology SME's, First Line Risk Management teams, and Second Line of Defense Risk Management Teams, to support RCSA execution. Leverage applicable risk assessments and remediation work to identify new controls or modify existing controls. Partner with Control Testing teams to ensure RCSAs are tested within the appropriate timeframe. Design and validate controls to reduce technology/security risks. This involves building strong partnerships across LOD's and IS Risk peers.
• Risk Management Proficiency - Maintains a strong knowledge of risk management developments or changes within the organization, industry, and market. Develops active relationships within professional networks to stay current on emerging issues and regulatory requirements. Communicates risk vision and regulatory requirements to applicable stakeholders, including less experienced associates in the work group. Maintain knowledge of IT industry frameworks (e.g., COBIT) and regulatory handbooks (e.g. FFIEC IT Handbooks).
• Business Continuity Planning/Business Impact Analysis - In partnership with Information Technology stakeholders and Business Continuity professionals, provide consultation and facilitate the completion of the business continuity plans (BCP) and Business Impact Analysis (BIA).

Bachelor's Degree and 9 years of experience in Financial Services, Risk Management, Operational Risk Management, Control Design, Compliance, Audit, or Accounting OR High School Diploma or GED and 13 years of experience in Financial Services, Risk Management, Operational Risk Management, Control Design, Compliance, Audit, or Accounting

Preferred Education: Master's Degree / MBA

Preferred Area of Study: Information Technology or Finance

Preferred Area of Experience: Operational Risk Management in an IT organization; Regulatory experience

License or Certification Type: CRISC - Certified in Risk and Information Systems Control Preferred, Framework Certification (ISACA COBIT 2019 Foundation; NIST) N/A, CISA - Certified Information Systems Auditor N/A, CISSP - Certified Information Systems Security Professional N/A

Skill(s): Knowledge of risk techniques and practices,

Experience performing Risk Assessments,

Experience performing gap assessments as per FFIEC IT Examiner's handbook,

Knowledge of Processes, Risks, and Controls, Experience developing Controls,

Knowledge of testing protocols for controls,

Knowledge of standard risk management or control frameworks such as COBIT, ISO, NIST, and ITIL,

Knowledge of operational and enterprise risk management including identification, assessment, and escalation of risk issues,

Proficiency in assessing risk and risk management practices,

Knowledge of financial sector regulatory practices for a large financial institution,

Effective at communicating audience-appropriate information to technical, management, and executive audiences,

Experience managing risk, performing governance activities, and risk assessment activities in Large Financial Institutions (>5 years)

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.