Director of Information Technology Risk
Company: East West Bank
Location: Pasadena, CA 91104
Description:
Introduction
Since 1973, East West Bank has served as a pathway to success. With over 110 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates' potential for career advancement.
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.
Overview
The Director of Information Technology Risk will be responsible for providing strategic leadership, expert guidance, credible challenge, and effective oversight of Information Technology (excluding cybersecurity) within the Second Line of Defense (2LOD) Enterprise Risk Management (ERM) function.
This individual will shape and lead the Bank's non-cyber IT risk management program by establishing frameworks, standards, and governance for identifying, assessing, monitoring, and reporting on technology-related risks across infrastructure, applications, platforms, IT operations, processes, governing/oversight bodies, and change management activities. This is a highly visible role requiring extensive engagement with technology leadership, business executives, auditors, and regulators.
This role will require an individual with deep technology knowledge in Risk & Controls, 2LOD structure and oversight methods, exceptional relationship management, communication, and influencing skills at all levels. This role will work closely with first line technology, operations, and business teams, as well as audit and regulators.
Compensation
The base pay range for this position is USD $150,000.00/Yr. - USD $250,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.
Responsibilities
- Develop, implement, and enhance the enterprise-wide 2LOD risk oversight framework for IT Risk (excluding Cybersecurity), ensuring alignment with regulatory expectations, business strategy, and risk appetite.
- Provide credible challenge in all subjects, areas, and processes of Information Technology.
- Lead independent identification and assessment of IT risks and issues related to system availability, data integrity, change management, application development, technology resiliency, configuration management, IT service management, and infrastructure modernization.
- Establish a strong, collaborative engagement model with First Line of Defense (1LOD) technology functions to assess control effectiveness, provide credible challenge, and support proactive risk mitigation strategies.
- Represent ERM as the Information Technology Subject Matter Expert in senior forums, governance committees, and working groups related to IT, developing a positive working relationship with internal clients, staff, peers, and senior management. Ensure timely escalation and reporting of emerging and material IT risks, control issues, and incidents.
- Provide 2LOD risk oversight for major technology initiatives including cloud transformation, platform and process modernization, automation efforts, and technology resilience planning.
- Conduct and manage a robust review and challenge process for enterprise-wide technology controls assessments, including evaluating evidence of existing controls, identifying significant control deficiencies, assessing adequacy of proposed remediation to address deficiencies, and monitoring remediation to closure.
- Define and track key risk indicators (KRIs) and risk appetite metrics for information technology risk.
- Establish policies, standards, and procedures aligned with the Bank's risk appetite, regulatory expectations, and industry best practices.
- Provide risk advisory input and sign-off on significant technology changes, IT project risk assessments, new systems implementations, and business technology initiatives.
- Influence control owners and other stakeholders to build consensus on risk mitigation and remediation strategies.
- Perform other duties and special projects as assigned.
Qualifications
- 15+ years of direct, related experience in Risk Management, Information Security or Technology.
- Demonstrated experience developing and executing 2LOD risk programs across complex IT environments.
- Deep understanding of technology infrastructure, platforms, application development, IT operations, and change management lifecycle.
- Strong knowledge of banking operations and technology regulatory requirements (e.g., FFIEC IT Handbook, NIST, OCC Heightened Standards).
- Exceptional communication and influencing skills, with the ability to engage senior technology leaders, regulators, and internal audit.
- Strong analytical skills and ability to manage multiple priorities in a fast-paced environment.
- Experience leading or overseeing risk functions within financial institutions is strongly preferred.
- Knowledge of general banking operations, including deposit operations, loan administration, treasury management and/or other commercial banking products and services.
- Highly organized and efficient; ability to balance and manage multiple projects concurrently.
- Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.