Technology Risk Manager
Company: Flagstar Bank
Posted on: January 24, 2023
The Information Technology Risk Manager is responsible for
managing the delivery and program management of all first line of
defense risk activities directly or indirectly impacting
Information Technology and Information Security within Flagstar.
The Information Technology Risk Manager will leverage business and
technical experience and acumen to direct the program
activities in the areas of audit, technology, compliance, risk
management and security. The position will be responsible for the
IT Risk team, which delivers an Information Technology Risk program
with clear, defined operational policy, standards and procedures
related to Information Technology and Security.
- Develop and manage specific Information Technology and Security
risk program elements to mitigate enterprise risks throughout the
- Manage the implementation of the components of the Information
Technology Risk Program to include external compliance, internal
audit, security, vendor management, operational risk, quality
assurance and quality controls for technology and information
- Supervises members of the Technology Risk team in their daily
- Manage the development of guidelines & standards, and training
on Risk Management practices and procedures appropriate for
Flagstar's needs to ensure that risk responsibilities are
understood and carried out throughout the enterprise. Manage
technology process improvement projects, and transformational
initiatives to improve IT risk and control profile.
- Supervises the first line of defense Risk Management functions
for IT meeting the Enterprise Risk Management (ERM) program
elements, processes and compliance requirements. Manage the Risk
Controls Self-Assessment process for Information Technology and
- Ensures compliance with applicable federal, state and local
laws and regulations. Completes all required compliance training.
Maintains knowledge of and adheres to Flagstar's internal compliance
policies and procedures. Takes responsibility to keep up to date
with changing regulations and policies.
- High School Diploma, GED, or foreign equivalent required.
- Bachelor's degree or comparable work experience required.
- Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), Certified
Information Systems Auditor (CISA), or Certified in Risk and
Information Systems Control (CRISC) preferred.
- 6+ years of previous experience working in Information Security
or Information Technology required.
- 3+ years of leadership experience and developing a team
- 5+ years of SOX IT control execution or testing or IT auditing
experience or IT risk.
- 2+ years leading Risk and Control Self Assessments for
technology or information security.
- Demonstrated ability to execute and review audits of general IT
controls including related infrastructure (Active Directory),
operating systems (UNIX, Linux, Windows), databases (Oracle DB and
MS SQL DB), and applications (Oracle, PeopleSoft, Salesforce,
- Design and manage root cause analysis, control gap assessments,
and process improvement projects using technical and problem
solving and critical thinking skills to quickly identify internal
control deficiencies, evaluate their risk implications, and draw
the appropriate conclusions.
- Manage and implement Governance, Risk and Control frameworks,
and systems for technology and information security.
- Lead implementation of industry-standard frameworks for
technology, such as COBIT, ISO, NIST, SANS, and others.
- Supervise the development of internal control documentation
including narratives, process and data flows, and other supporting
- Develop an in-depth understanding of business environment and
risks associated with the financial services industry, IT
environments, and information dataflow.
- Understand and train the team in IT organization business
processes and systems (IT Security, data management, architectural
and planning, technology life cycle management, regulatory
- Demonstrated ability to develop an in-depth understanding of
business environment and risks associated with the financial
services industry, IT environments, and information dataflow.
- Strong verbal and written communication skills with comfort
around presenting new ideas and presentations to senior
- Manage multiple projects concurrently, works under pressure
- Demonstrated track record of meeting time commitments.
- Demonstrated track record of working effectively across
functional and organizational lines.
- Demonstrated knowledge of risk management tools.
- Ability to manage and supervise team members, and develop
For Internal use only: Job Band D