Columbia Bank
VP, Enterprise Technology Risk Management
Columbia Bank, Fair Lawn, New Jersey, US 07410
Summary:
Building upon Columbia Bank's Operational Risk Management Framework, this position will be responsible for Enterprise Technology Risk Management (ETRM) with a focus on identifying, assessing, mitigating, and monitoring risks related to an organization's technology infrastructure, systems, and processes. The role will ensure that the organization's technology operations align with regulatory standards, business objectives, and risk tolerance levels. The ETRM role will operate as a part of the broader Enterprise Risk Management (ERM) framework, with a specific emphasis on technology and cybersecurity risk.
Job Responsibilities:
Enterprise Risk Management Controls
Oversight of the establishment and implementation of technology standards, procedures, and frameworks for the coverage domains. Leading a second line function that is responsible for executing a holistic, integrated operating model inclusive of performance of technology capability risk assessments, conducting credible challenge activities and ongoing monitoring against industry frameworks (e.g., COBIT, NIST CSF/CRI, ISO/IEC 27001/27002) and in compliance with the OCC's Heightened Standards. Contribute to the design, development, implementation, and execution of the organization's ERM Framework. Maintain an inventory of technology assets and associated risks, ensuring an understanding of the organization's threat landscape. Maintain and provide continuous governance and oversight of business and technology risk. Coordinate the creation, implementation, and maintenance of policies, controls, and procedures to align with ISO/IEC 27001/27002 certification requirements as they pertain to technology risk management. Support the Bank in maintaining and improving its ISO/IEC 27001 Information Security Management System (ISMS).
Enterprise Risk Mitigation
Identify potential cybersecurity and technology risks associated with new and evolving business processes, assessing potential impacts to those processes, and engaging with other leaders to counsel them on the risk treatment options based on the Line of Business and enterprise technology risk appetite. Perform independent review and credible challenge of the performance of universal key indicators and other metrics in support of the Technology and Cyber Risk Appetite Statements. Maintain oversight of Key Enterprise Technology Operational Risks and related indicators and thresholds. Support the organization’s preparation for internal and external ISO/IEC 27001 audits, including audit planning, evidence collection, and managing relationships with auditors.
Project Management
Oversight of the delivery and performance of distributed technology solutions to ensure appropriate controls are in place prior to deployment, with minimal post-implementation disruption. Develop and maintain the project roadmap; drive, prioritize, and execute an agenda to deliver tangible results. Facilitate/lead the planning and execution of the firm-wide Risk & Control Self-Assessment program, working closely with the first line of defense (FLOD). Build/maintain/enhance business relations with department and business heads for smooth implementation of risk management activities across the organization. Manage the implementation of ISO/IEC 27001-compliant controls into the organization's technology infrastructure, systems, and processes. Balance risk management practices with the organization's strategic goals and innovation needs. Ensure technology risks are managed without stifling business growth or agility.
Educational
Stay current on emerging cyber threats and their potential implications for Columbia Bank. Constructively debate issues and connect the dots across various assessments (examples include assessments of new initiatives, scenario analysis, and challenge of proposed mitigation plans and risk acceptances). Advise on ISO/IEC 27001 certification strategies, leveraging expertise and industry insights. Develop training programs to promote awareness of and compliance with ISO/IEC 27001 standards throughout the organization.
Other
Performs other job-related duties as assigned.
Job Requirements:
Bachelor's degree required, Master's preferred. 10+ years' experience working in Risk, Information Security, or a related field. Knowledge of Risk Management Principles, applicable laws, regulations, financial services, and regulatory trends that impact information security and technology risk management. Organization and project management skills. Ability to build strong relationships across the organization and collaborate well, and ability to drive and lead others through change. Strong understanding of security risk management frameworks such as ISO 27001/27002, NIST, COBIT, ITIL, and OCC standards. Great analytical skills and attention to detail. Knowledge of cloud security and experience working with cloud providers such as AWS, Azure, or GCP. Ability to dive deep into various cybersecurity processes and experience implementing controls at a financial institution. Relevant certifications such as CISSP, CISM, or equivalent are preferred.
Columbia Bank and its affiliates are an Equal Opportunity Employer/Affirmative Action Employer/Males/Females/Protected Veterans/Individuals with Disabilities.