Director, Technology & Cyber Risk


Company: Synovus Financial

Location: Atlanta, GA 30349

Job Description

Job Summary

Responsible for leading the enterprise technology risk program and team members to provide oversight, guidance, and independent challenge to the first line regarding Technology and Information Security Risks. Responsible for the design, planning, and implementation of the technology risk management framework, including the development of the Technology Risk Policy and Procedures, and the Technology Risk Committee. Responsible for building, developing, and maintaining effective relationships with key internal stakeholders in other risk disciplines such as Internal Audit, Compliance, Technology, Information Risk and Resiliency, Legal, and other critical functions, as well as external regulatory agencies.

Job Duties and Responsibilities

  • Establishes and documents technology risk policies and procedures. Leads oversight of the technology risk program to support a heightened focus on technology risk management enterprise-wide and to ensure appropriate engagement of the second line with the first line, providing effective independent risk review, credible challenge, monitoring, and oversight of technology risks. Develops strategies for continuous enhancement of the technology risk program, leveraging frameworks such as COBIT and NIST.
  • Establishes a Technology Risk Committee, which is a sub-committee of the Operational Risk Committee with input from all areas of technology including Identity and Access Management (IAM), Data Management, IT Asset Management (ITAM), Infrastructure, Info and Cyber Security, Systems Development Life Cycle (SDLC), and Business Continuity Disaster Recovery (BCP/DR). Provides ongoing reporting and updates to the Executive Risk Committee and the Risk Committee of the Board on technology risks.
  • Serves as liaison with lines of business to ensure risks are identified, and emerging and residual risks are recorded and escalated to the Technology Risk Committee. Oversees technology risk assessments for the New Business Activity (NBA) Assessment. Consults with lines of business to establish key risk and performance indicators (KRI/KPI) and risk appetite measures (RAMs) that align with the Board-approved risk appetite, monitoring and reporting out on tolerance metrics.
  • Works consultatively with executive management, Internal Audit and lines of business in timely remediation of risk and issues through process and control improvements. Provides thought leadership and reporting on emerging topics such as IT Cyber Governance, resilience, significant change management, third party cloud risks, and proactive identification of emerging risks from advanced technology like AI. Serves as a member of the Synovus Incident Response Team (SIRT). Participates in internal audits, external reviews and regulatory exams.
  • Develops, documents, and maintains the technology risk assessment process. Executes the enterprise risk framework for measuring technology risk within the organization, including identification of process-related risks and controls, reporting out on tolerance risks and metrics, and establishing and monitoring risk treatment plans in coordination with business process owners. Maintains the technology taxonomy for processes, risks, and controls in coordination with Enterprise Risk Management (ERM).
  • Manages the day-to-day activities of the Technology Risk function. Provides leadership, direction, and growth opportunities to members of the department, performing those responsibilities in accordance with the Company's policies and applicable laws. Responsible for interviewing, hiring, planning, assigning or directing work, appraising performance, disciplining team members, and resolving problems. Works with the Human Resources Department to resolve more complex team member-related issues.
  • Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations, and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
  • Performs other related duties as required.


The information in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Synovus is an Equal Opportunity Employer supporting diversity in the workplace.

Minimum Requirements

Minimum Education:

12 years' experience overseeing departmental or enterprise-wide technology and/or cybersecurity risk management programs

Minimum Experience:

12 years' experience overseeing departmental or enterprise-wide technology and/or cybersecurity risk management programs

Certifications:

Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)

Required Knowledge, Skills, Abilities:

  • Ability to interact on a regular basis with executive-level management, requiring negotiation of difficult matters to influence policy making for the organization
  • Ability to present technical information in a way that establishes rapport, persuades others, and gains understanding
  • Solid project management skills, especially in a cross-functional environment
  • Strong communication, collaboration, and negotiation skills with the ability to influence staff at all levels
  • Strong knowledge of risk management and controls within the financial services industry
