IT Risk Management Director

Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them.

Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself.

As a key member of the Enterprise Risk Management team, you will support the VP Operational & Strategic Risk Management in maturing risk management practices across the firm and monitoring the risk profile of the organization with a particular focus on technology risks. This role will be responsible for the development, implementation and oversight of the Company's Technology Risk Management ("TRM") Framework.

What you will do

• Define and execute 2nd Line of Defense (LOD) technology risk management strategy to evolve risk management practices and strengthen the control environment; in conjunction with the Chief Information Officer develop and execute against implementation roadmap

• Identify and lead targeted risk assessments to identify potential risk exposures, assess adequacy of controls, recommend control enhancements, and drive support for remediation

• Foster a strong risk culture through valued partnership with the Technology organization, encouraging open dialogue, and challenging where necessary to ensure risks are being appropriately addressed

• Proactively identify areas where technology risks may not be adequately addressed and engage leaders to challenge practices and recommend necessary improvements

• Monitor the technology risk profile of the organization through deep engagement across ITSM processes, staying abreast of emerging trends within the industry, and identifying changes to the organization's threat landscape

• Identify potential cybersecurity and technology risks associated with new and evolving business processes, assessing impacts to those processes, and engaging with leaders to counsel them on risk treatment options based on risk appetite

• Perform independent reviews of technology controls across the organization, including assessing the design effectiveness of security measures, access controls, change management processes, and data protection practices

• Ensure compliance with relevant technology risk management policies, standards, and regulations, and provide guidance on policy updates and improvements

• Ensure change risk management practices are embedded within the Technology organization to identify, mitigate, and monitor risks related to key Technology related initiatives

• Drive issue resolution stemming from Technology process breakpoints, including determination of root cause and accompanying remediation

• Recommend mitigations to address control or policy gaps and monitor status of recommendations until implemented

• Prepare quarterly TRM reporting for management and/or board risk committees

• Serve as the primary point of contact for the Technology organization, interacting regularly with the Chief Information Officer, Chief Information Security Officer, and other senior leaders

What you will bring

• Bachelor's Degree required

• 15+ years of experience in any of the following areas: Risk, Information Security, Internal Audit or similar experience

• Strong understanding of security risk management frameworks such as ISO 27001/27002, NIST, COBIT, and ITIL

• Deep knowledge of technology risks across various domains including cybersecurity, data privacy, application security, infrastructure security, and cloud computing.

• Ability to build strong relationships across the organization & influence key stakeholders; ability to drive and lead others through change

• Experience in conducting risk assessments, control testing, and internal audit functions

• Demonstrated effective written and verbal communication skills including the ability to communicate about complex topics in concise terms

• A strategic thinker with strong analytical skills and excellent judgement; able to seamlessly transition between blue sky thinking and tactical execution

***Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time, including CPT/OPT.***

What we offer you

We offer an array of diverse and inclusive benefits regardless of where you are in your career. We believe that providing our employees with the means to lead healthy balanced lives results in the best possible work performance.

• Medical, dental, vision and life insurance
• Retirement savings - 401(k) plan with generous company matching contributions (up to 6%), financial advisory services, potential company discretionary contribution, and a broad investment lineup
• Tuition reimbursement up to $5,250/year
• Business-casual environment that includes the option to wear jeans
• Generous paid time off upon hire - including a paid time off program plus ten paid company holidays and three floating holidays each calendar year
• Paid volunteer time - 16 hours per calendar year
• Leave of absence programs - including paid parental leave, paid short- and long-term disability, and Family and Medical Leave (FMLA)
• Business Resource Groups (BRGs) - internal networks that rally around common interest, experiences and identities such as race, ethnicity, gender, ability, military status and sexual orientation. BRGs play a vital role in educating and engaging our people and advancing our business priorities.

Base Salary Range

The salary range above shows the typical minimum to maximum base salary range for this position in the location listed. Non-sales positions have the opportunity to participate in a bonus program. Sales positions are eligible for sales incentives, and in some instances a bonus plan, whereby total compensation may far exceed base salary depending on individual performance. Actual compensation offered may vary from posted hiring range based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer.

Equal opportunity employer * Drug-free workplace

We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age (40 and over), race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law.

***For remote and hybrid positions you will be required to provide reliable high-speed internet with a wired connection as well as a place in your home to work with limited disruption. You must have reliable connectivity from an internet service provider that is fiber, cable or DSL internet. Other necessary computer equipment, will be provided. You may be required to work in the office if you do not have an adequate home work environment and the required internet connection.***

Job Posting End Date at 12:01 am on: