Talent.com
Director Information Technology Audit

Smith Arnold Partners • Hartford County, CT, US
Job type: Full-time

Job Description

Are you looking for an opportunity to build a First Line Defense in Technology?

Our client is seeking a Managing Director to implement a First Line Risk & Controls function for their IT infrastructure and cloud group. This is a high-profile position charged with building and implementing a top-notch risk & controls program, working closely with all stakeholders, executives, and regulators. You will be managing and supporting RCSA execution; supporting development and monitoring of KRIs and metrics at the Board, Management, and First Line Unit level; supporting governance, policy, and procedure alignment across Finance; leading issue identification and management for all technology-related processes; and serving as liaison with auditors and regulators through examinations. You will work closely with Financial Risk Management and second line teams through the execution of risk management activities.

Title : MD IT Infrastructure – First Line Risk Management

Location : Stamford or Hartford, CT (Hybrid)

Salary : $180,000 to $220,000 + Bonus & LTI

What are people saying about this company?

  • Excellent management, fair goals, team-oriented
  • Great place to work and learn!

Location : Stamford, CT (Hybrid)

Key Responsibilities :

  • Oversight and management for multiple Technology Front Line Units (FLUs)
  • Lead and develop a high-performing team of risk professionals, fostering a culture of accountability, continuous improvement, and proactive risk ownership.
  • Leverage agile principles to operate transparently.
  • Collaborate with the Technology Front Line Unit to design, implement, and maintain effective controls that mitigate identified risks across infrastructure, cloud, IAM, SDLC, and project management domains.
  • Drive the early identification of control issues, emerging risks, and process deficiencies. Lead root cause analysis and oversee the development and execution of robust, sustainable remediation plans to address control gaps and prevent recurrence. Analyze risk data to assess likelihood, impact, and trends, and provide actionable insights to senior leadership.
  • Partner closely with Enterprise Architecture and the Project Management Office to support risk-informed decision-making across the technology development lifecycle; serve as Risk SME. Provide counsel informed by industry leading practices on Infrastructure as Code, secure CI / CD pipelines, and modern patch management.
  • Perform risk evaluations of material changes in infrastructure, cloud, and networking environments, including new cloud services and architectural patterns.
  • Maintain ongoing engagement with cloud operations teams and ensure new services and configurations are appropriately secured.
  • Evaluate the risk impact of incidents and problems on the control environment and recommend enhancements to prevent recurrence. Provide governance and oversight of patch management programs, ensuring timely remediation of vulnerabilities and alignment with risk appetite.
  • Lead the execution and documentation of RCSA processes across the respective Front Line Units (FLUs) to ensure they align with regulatory requirements and industry best practices. Assist with designing and enhancing the RCSA program, ensuring compliance with internal policies, industry best practices and regulatory requirements.
  • Reporting & Communication : Develop and deliver executive-level reporting that highlights risk trends, control effectiveness, and areas requiring attention.
  • Evaluate and improve the overall risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
  • Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available.
  • Ensure adherence to applicable regulations and standards, partnering closely with Compliance, Internal Audit, and other control functions.

Qualifications :

  • Bachelor’s degree in Technology, Risk Management, or a related field. A Master’s is a plus
  • Risk certifications preferred (CISA, CISSP, CCSP, PMP, etc.)
  • Approximately 10 - 15 years of experience in risk management, operational risk, or internal audit within the banking or financial services industry.
  • Substantial experience in leading RCSA, internal audit, or similar assessment / testing programs.
  • At least 5 years in a senior leadership role, demonstrating the ability to effectively lead and develop a team.
  • Deep understanding of regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
  • Strong familiarity with software-defined networks, cloud security posture management, zero trust network principles, and cloud access security brokers.
  • Strong in operational risk management techniques and control assessment methodologies.
  • 10+ years of experience in technology risk, operational risk, information security, or audit in a regulated financial or technology-driven environment.
  • Experience in technology risk frameworks for infrastructure, cloud, cybersecurity, service management, delivery (e.g., NIST, ISO, FFIEC), CRI / CRI Profile, and risk rating methodologies.
  • Experience with cloud operations, Infrastructure as Code (IaC), enterprise architecture, asset management, change management, database management, identity and access management, configuration management, network security, capacity management and FinOps, problem and incident management, agile software delivery, DevSecOps, and PM
  • Proven experience interfacing with regulators (e.g., OCC, FRB, SEC) and audit functions.
  • Exceptional written and verbal communication, influencing, and negotiation skills at senior executive levels.
  • Ability to translate complex technical risks into clear business language.
  • Experience managing high-performing risk or compliance teams.
  • Strong judgment, discretion, and an ability to operate in fast-paced, ambiguous environments.
  • Strategic thinker with a practical orientation toward execution and results.