Description
We are currently seeking a Director, Technology Governance, Risk & IT Third Party Management to join our team.
The Director, Technology Governance, Risk & IT Third Party Management oversees the design, implementation and operationalization of 1B line of defence programs to ensure technology governance, IT risk management, and IT third party oversight align with the credit union’s technology and business strategies. The Director plays a pivotal role in driving business success by bridging technology, IT Risk, IT Audit and business leaders through recommending effective practices for maximizing business value through technology. This role ensures compliance with federal regulations by developing enterprise-wide policies, IT supporting guidelines, procedures, programs and practices. The Director also oversees the operationalisation of specific policies and programs, including Third Party Risk Management, enterprise-wide software access, IT service procurement and rationalization, vendor invoicing, budget support and federal compliance. Additionally, this role leads the development of deliverables including the IT Quarterly Risk Report and associated key metrics.
Here’s what would be included as a part of your typical day
- Leadership: Provides coaching, guidance and strategic direction to the team. Mentors team members to set and achieve individual and team goals while ensuring alignment with broader objectives. Actively contributes as an advisor on internal committees as required. Participates in the development, implementation, monitoring and completion of IT Governance strategic plans and annual budget.
- Technology Governance: Oversees and grows the technology governance program. Working closely with IT leadership, leads the implementation and continuous improvements of the credit union’s technology governance program, ensuring alignment with the organizational and technology strategies. Collaborates with risk and internal audit leadership to maintain compliance with federal regulations. Operationalises specific policies across the enterprise. Works with Corporate Governance and leads the team in developing and refreshing policies and guidelines including presentation at IT Risk Committee.
- Technology Risk Management: Oversees the first line of defense for IT and cybersecurity risks and develops the risk management framework aligned with the approach of the second line of defense. Oversees critical IT risk assessments and recommends control improvements and reporting on key risk indicators. Key areas within risk management include vendor management, disaster recovery, cloud risk management, and oversight of the 1B function. Ensures the completion of risk and control self-assessments across IT and Cyber Security.
- IT Third Party Management: Works with IT leaders, advising on key IT operational processes and practices related to third party management and software asset management. Develops, implements, executes and then oversees federal compliance programs including review and annual renewal of due diligence assessments, collection of other required documentation and assuring IT relationship management accountability for managing third-party risks. Works with Finance and Procurement for IT budget and contract oversight.
- Business Enablement: Interfaces between the IT function and various business units and ensures that technology acts as a business enabler in the credit union, including advising on key initiatives associated with business and technology strategy, reviewing of appropriate external vendors and advising on on-going key governance processes.
- Project Governance: Oversees project governance. Liaises with project managers, leaders and sponsors to define project governance and project risk management practices. Acts as an advisor on initiatives within the credit union’s digital banking ecosystem and high value projects, ensuring alignment with organizational processes and procedures.
Required Skills, Experience & Qualifications
- Bachelor’s Degree in Technology or a related field required
- One or more of CISA, CISM, CRISC, CISSP, PMP, Agile, ITIL required
- Master’s Degree, MBA or Technology preferred
- 8-9 years’ experience in progressively senior positions in technology, financial services or consulting space required
- Extensive experience in IT, cybersecurity, risk management frameworks, IT service management & project management
- Prior experience in developing technology governance, risk and operational programs
- Strong leadership skills and business relationship management skills, with the ability to influence others within the organization and form relationships with different business units
- Demonstrated written and verbal communication skills, with the ability to interact effectively with senior leadership as well as with a wide variety of stakeholders
- Strong consulting and problem-solving skills, with the ability to develop customized recommendations to improve the overall effectiveness and efficiency of the organization
- Demonstrated knowledge of IT governance and management frameworks such as COBIT
- Expert level understanding of technology risk and cybersecurity frameworks such as NIST, ISO 27001, SOC 2 etc.
- Good understanding of cloud solutions such as Azure or AWS
- Expert level knowledge of project management and agile frameworks. A designation is preferred
- Working knowledge of IT operations processes and practices. Background in ITIL concepts preferred
- Displays an understanding of risk and risk ownership by being able to demonstrate adherence to policies and procedures.