Bank of America Merchant Services
Technology Risk Manager
Bank of America Merchant Services, Lafayette, IN
First Merchants Bank is seeking a Technology Risk Manager to join our team. The Technology Risk Manager will play a key role in executing and managing technology risk mitigation strategies and programs. This position will focus on the implementation and operational aspects of Business Continuity Planning (BCP), Records Retention, general technology risk management, and optimizing our Archer Governance, Risk, and Compliance (GRC) system.
As part of this role you will:
To be successful in this position we require the following:
The following would be a plus:
First Merchants offers the following:
A little about us:
First Merchants is guided by a genuine philosophy of being a meaningful place to work and having a prosperous impact across all walks of life throughout the communities we serve, including consumers, businesses and other organizations. Our Vision, Mission and Team statement reflect and reinforce that authentic service philosophy.
Our Vision is:
To enhance the financial wellness of the diverse communities we serve.
Our Mission is:
To be the most responsive, knowledgeable, and high-performing financial organization for our clients, teammates, and shareholders.
Our Team:
"We are a collection of dynamic colleagues with diverse experiences and perspectives who share a passion for positively impacting lives. We are genuinely committed to attracting and engaging teammates of diverse backgrounds. We believe in the power of inclusion and belonging."
Apply today to begin your career with us!
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
As part of this role you will:
- Business Continuity Planning:
- Ensure the maintenance of the business continuity management framework that includes policies, procedures, and guidelines.
- Develop, maintain, and coordinate the scheduling of business impact analyses, risk assessments, process and system inventories, and recovery strategies to maintain compliance audits, policies, and standards.
- Administer business continuity plans, ensuring they align with regulatory requirements and industry standards.
- Collaborate with internal stakeholders to enhance, develop, or lead training and awareness programs for business continuity planning.
- Maintain and propose metrics to objectively assess the bank's business continuity program and disaster recovery capabilities. Make recommendations for improvements.
- Records Retention:
- Ensure the maintenance and compliance of the records retention program in close partnership with legal to ensure compliance with applicable laws, regulations, and internal policies.
- Develop and ensure the maintenance of the records retention policies, procedures, and guidelines to ensure compliance with regulatory and auditing requirements.
- Collaborate with relevant departments to enhance, develop, or lead training to ensure the proper storage, retrieval, and disposal of records in accordance with legal and regulatory requirements.
- Conduct or lead periodic assessments and reviews of records retention program to identify gaps and propose corrective actions.
- Maintain and propose metrics to objectively assess, understand, and support effective program management, compliance, and continual improvement.
- Data Privacy:
- Collaborate with legal, compliance, and data governance teams to ensure the bank's adherence to data privacy requirements, policies, procedures, and guidelines.
- Maintain and propose metrics to objectively assess and understand compliance with regulatory requirements and to identify potential risks and issues.
- Line 1 Technology Risk Management
- Facilitate and support processes to align with the enterprise risk management framework to identify, assess, and monitor technology risks.
- Participate in or lead periodic risk assessments to maintain an effective technology risk register.
- Collaborate with stakeholders and process owners to help implement risk mitigation strategies and controls to address identified technology risks.
- Collaborate with operational business units to monitor and understand the effectiveness of remediation plans and support risk acceptance.
- Maintain risk registers and ensure accurate reporting of risk status and metrics.
- Participate in audits to maintain compliance with relevant policies, standards, and regulatory requirements.
- Maintain effective communication channels, management tools, and metrics to provide transparency and accountability in a risk-based culture.
- Partner and collaborate with Line 2 Technology Risk Management to maintain alignment in governance to ensure an effective, credible challenge practice.
- Collaborate with operational business units to support effective technology risk governance.
- Maintain metrics to objectively assess and understand the effectiveness of risk management practices, support continual improvement, and help with strategic planning.
- GRC System:
- Work with various stakeholders on the optimization of the bank's GRC system to maintain effective risk management processes by recommending, implementing, or improving workflows, training, reporting, and dashboards.
- Plan and facilitate upgrades, enhancement testing, and changes by working with management teams to verify needs are well defined and changes are implemented seamlessly into the production environment to increase process efficiency and/or satisfy business needs.
To be successful in this position we require the following:
- High school diploma or equivalent (GED).
- A minimum of five (5) years of experience in risk management, information security, compliance, or a related field.
- knowledge of risk management frameworks, methods, or standards (e.g., NIST, ISO 27001, FAIR, ISO 22301, or ISO 9001).
- Experience with GRC systems (e.g., Archer).
The following would be a plus:
- Relevant certifications, such as Information Technology Information Library (ITIL) or Certified Information Systems Auditor (CISA).
First Merchants offers the following:
- Base Pay PLUS Bonuses
- Medical, Dental and Vision Insurance
- 401k
- Health Savings and Flexible Spending Accounts
- Vacation/Sick Time
- Paid Holidays
- Paid Parental Leave
- Tuition Reimbursement
- Additional Benefits
A little about us:
First Merchants is guided by a genuine philosophy of being a meaningful place to work and having a prosperous impact across all walks of life throughout the communities we serve, including consumers, businesses and other organizations. Our Vision, Mission and Team statement reflect and reinforce that authentic service philosophy.
Our Vision is:
To enhance the financial wellness of the diverse communities we serve.
Our Mission is:
To be the most responsive, knowledgeable, and high-performing financial organization for our clients, teammates, and shareholders.
Our Team:
"We are a collection of dynamic colleagues with diverse experiences and perspectives who share a passion for positively impacting lives. We are genuinely committed to attracting and engaging teammates of diverse backgrounds. We believe in the power of inclusion and belonging."
Apply today to begin your career with us!
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)