Experience Inc. Jobs

Job Information

Flagstar Bank, N.A. Director, IT & Security Risk Management - 15823 in Troy, Michigan

Position Title: Director, IT & Security Risk Management

Location: Troy/5151 Corporate Drive/112300

Job Summary: The Director of IT & Security Risk Management is responsible for developing and implementing the first line of defense for an end-to-end IT risk management program in alignment with Flagstar's Enterprise Risk Management program, driving the identification, assessment, and prioritization of existing and emerging IT risks across the organization. Lead and execute on the coordination, management, and monitoring of all IT and Cybersecurity regulatory matters. Monitor and report on the IT risk posture of the firm and drive escalation of IT risks to executive management committees. Provide strong leadership, vision, and guidance to IT risk management teams.

This role will work in conjunction with IT senior management to oversee the strategy and direction of the governance, risk, and compliance activities impacting Information Technology. The Director leads a team that works with the IT organization to ensure effective risk management and escalation to IT senior leaders. Additionally, the Director will be responsible for overseeing the first line of defense IT risk team to monitor performance of controls, maintain documentation, and support IT in risk identification, mitigation, and reporting. The Director will partner with IT risk teammates and IT leaders to conduct operational controls and regulatory self-testing, issue management, risk and control self-assessments, and third-party, application, and cloud cybersecurity risk assessments, as well as the security awareness and phishing management program.

Job Responsibilities: Develop and maintain a comprehensive IT risk strategy, program, and governance frameworks in alignment with Enterprise Risk Management. Oversee the execution of all IT Risk related activities including RCSA, risk reporting, issues management, metrics, analytics, KRIs, security awareness, and cybersecurity risk assessments related to third parties, on-prem, and public cloud environments. Prepare and deliver IT and Cybersecurity Risk reports, metrics, and KRIs to the Technology Management Committee and finalize IT Risk materials for the CIO to present to the Technology Committee of the Board. Receive, track, coordinate, manage, and report on all IT and Cybersecurity regulatory matters, audit and 2LOD findings, and IT self-identified issues. Continuously monitor the state of all matters to ensure timely closure and appropriate escalation when remediation efforts are at risk. Proactively lead the IT Risk department, continuously providing vision and guidance to the IT Risk leads within the department. Assist with career development and enhancement of the team. Responsible for talent management functions including: employment, performance evaluations, staff development/training, disciplinary actions, succession planning, and ensuring all staff comply with compliance requirements. Perform special projects and additional duties and responsibilities as required. Ensure compliance with applicable federal, state, and local laws and regulations. Complete all required compliance training. Maintain knowledge of and adhere to Flagstar's internal compliance policies and procedures. Take responsibility to keep up to date with changing regulations and policies.

Job Requirements: Bachelor's Degree in Information Security, Computer Science, or related field required. Master's Degree preferred. CISA, CISM, CRISC, CISSP certifications preferred. 12 years of overall IT experience with a minimum of 10 years in cybersecurity, governance, risk, and compliance. 8 years of experience directly leading and developing team(s) of IT professionals with a large span of control. Proven experience in RCSA, issue management, risk acceptance management, configuration baseline management, regulatory management, securit
