
Job Details


Key Bank

Operational Risk Officer - Cybersecurity and Technology

Technology

Chief Technology Officer

No

Various, Ohio, United States

Location: For Those Who Work At Home - Various, Ohio 44145

JOB BRIEF

The Cybersecurity and Technology Operational Risk Officer has responsibility to mitigate and discourage actions that may expose KeyCorp and its affiliates to cybersecurity or resilience risk with its business activities. This position is responsible for ensuring cybersecurity and resilience risk requirements and processes comply with regulatory requirements, Key’s Risk Management policies and program requirements, and that business activities are managed within Key’s Operational Risk Management appetite.

Additionally, this position is responsible for the oversight of risk identification and mitigation for cybersecurity and resilience risk, including the oversight of relevant programs and policies, which includes providing highly specialized guidance and oversight on current and emerging legal, regulatory, and operational risk issues, monitoring and measuring operational risk performance, and reviewing and challenging strategy (e.g., initiatives, products, third parties, and clients), control design, implementation, testing, and remediation for all LOBs.

The qualified candidate must be able to work independently and use sound judgment, taking into consideration the risk tolerances of assigned LOBs and KeyCorp overall. This role reports directly to the Operational Risk Program Manager Cybersecurity and Resilience. This position is a single contributor role and does not have direct reports.

ESSENTIAL JOB FUNCTIONS

- Proactively works with business unit management to identify and assess cybersecurity and resilience risks associated with business activities, ensuring alignment with the Corporate Operational Risk Framework, including:
  - Advising LOBs on risks and controls and applicable metrics (i.e., KRIs, EWIs, Tolerances).
  - Advising LOBs on risks related to new products and/or services and business initiatives.
  - Advising LOBs on risks related to outsourced third party activities.
  - Identifying aggregate risk across LOBs.
  - Assessing the appropriateness of and working with LOBs on developing and/or enhancing internal procedures and guidelines to comply with Operational Risk appetite, tolerances and policies.
  - Conducts a robust Review and Challenge process in evaluating and reviewing business processes, risk profiles, risk indicators, controls, remediation plans, etc., to ensure alignment with Key’s Operational Risk and Enterprise Risk Management programs, policies and practices.
  - Ensures the effective development and delivery of corporate-wide and/or role-specific Operational Risk training; provides guidance and assistance to LOBs related to the development of LOB-specific operational risk training.
  - Providing periodic risk reporting to senior management.
- Accountable for ensuring that policies and procedures and associated cybersecurity and resilience risk programs are consistent with current applicable banking rules, regulations, and laws. Monitors and assesses for any new or amended requirements.
- Develops and recommends for approval policies, standards, procedures and guidelines to comply with corporate risk appetites, tolerances and policies.
- Ability and willingness to learn emerging technologies (FinTech) and best practices associated with securing / managing these technologies and services, including but not limited to: cloud computing, robotic process automation, AI and APIs.
- Acts as Cybersecurity and Resilience Risk Subject Matter Expert on assigned Subcommittees and/or Working Groups.
- Develops and maintains positive working relationships with internal clients, staff, peers, and senior management.
- Ensures a sound understanding of business strategy, business processes and associated risks for assigned business units.
- Escalates promptly to appropriate senior management or appropriate risk committee any material breaches of applicable laws, rules, policies or standards with actual or potential operational risk impact, and necessary corrective action.
- Maintain relationships with industry peers and regulatory bodies.
- Respond to internal and external audits, regulatory exams and other requests for information. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses.

REQUIRED QUALIFICATIONS

- An undergraduate degree is required; advanced degree/s desired and would be a plus
- Minimum of 8+ years of relevant industry and professional experience (e.g., cybersecurity risk management, cybersecurity audit, or direct cybersecurity governance experience)
- In-depth practical knowledge of cybersecurity controls, risk assessments and operational processes, and applicable techniques for implementation of regulatory, compliance and legal requirements and operational processes
- Demonstrated knowledge of cybersecurity related regulations, guidelines, and frameworks (e.g., COBIT, GLBA, HIPAA, NIST, PCI)
- Strong leadership and relationship management skills, including the ability to lead up and across the organization
- Ability to effectively communicate to lines of business and senior management, both in writing and verbally
- Has high ethical standards
- Proven to be a proactive thinker
- Proven ability to drive results through people
- Strong project management and/or continuous improvement skills
- Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices
- Industry certifications a plus (e.g., Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM))

COMPENSATION AND BENEFITS

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be mobile or home based, which means you may work either at a home office or in a Key facility to perform your job duties.

This position is eligible to earn a base salary in the range of $90,000 to $135,000 annually depending on job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance. Please click here for a list of benefits for which this position is eligible.
Job Posting Expiration Date: 04/28/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category. Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.