Enterprise Information Risk Management Officer

Employer Active

1 Vacancy
Job Location

Miami, FL - USA

Monthly Salary

Not Disclosed


Job Description

Overview

The Enterprise Information Risk Management Officer serves as a key authority in technology and cybersecurity risk management, acting as an independent second line of defense overseeing the effective identification, mitigation, monitoring, and reporting of enterprise technology and cybersecurity risks. As a subject matter expert (SME), advises first-line leaders and technical teams, ensuring alignment with the bank's risk appetite and objectives. Actively influences cybersecurity strategies by providing recommendations to senior leadership and the board. Critically reviews first-line risk and security assessments, Policies, Standards, and Risk Acceptances, ensuring their adequacy. Plays an active role in technology risk committees, upholding regulatory requirements and guiding the formulation and oversight of enterprise-wide technology risk policies. This includes active and independent oversight of the First Line's Governance, Risk, and Compliance (GRC) function, which includes review and acceptance of all reporting to Executive Management and the Board Risk Committees. This role reports to the Enterprise Risk Management Director.

Principal Duties & Responsibilities:

  • Provides independent risk oversight (second line of defense/2 LOD), ensuring effective identification, mitigation, monitoring, and reporting of enterprise technology and cybersecurity risks.
  • Serves as SME; provides risk advisory to 1 LOD leaders (Chief Information Security Officer, Chief Information Officer, Chief Technology Officer) and technical teams, supporting the bank's strategies and objectives to operate within established risk appetites.
  • Influences cybersecurity management through recommendations to the bank's senior leadership, including the Board of Directors, Senior Management, and other CNB executives, to form decisions on risk prioritization to close identified gaps.
  • Reviews and challenges the adequacy of risk and information security assessments and testing produced or contracted by the first line of defense (RCSAs, FCAT, Pen Testing, others).
  • Ensures enterprise technology risks are properly recorded on the bank's enterprise risk management platform.
  • Ensures proper strategies are in place to bring risks to acceptable levels.
  • This includes ensuring remediation actions are properly implemented, such as adoption of new security technologies and platforms, business processes, and third-party contracts, among others.
  • Ensures enterprise technology risks are properly reported to Sr. Management and the Board of Directors, including but not limited to KRIs and other metrics.
  • Serves as a member of the technology risk committee and participates in the enterprise management and board risk committees, when applicable, for technology risk related topics.
  • Upholds regulatory requirements for technology risk.
  • Ensures regulatory changes affecting the technology landscape are effectively understood, represented in policies and procedures, and properly implemented.
  • Provides direction and guidance in the development, implementation, and maintenance of policies, procedures, and standards.
  • Executes oversight of multiple enterprise-wide policies affecting technology risk.
  • In the event of significant cybersecurity incidents, performs oversight, ensuring 1 LOD incident response plan activities are executed accordingly.

Qualifications

  • 8-10 years of work experience in the fields of cybersecurity, information technology, or risk management required.
  • 5-7 years of experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers preferred.
  • In-depth knowledge and ability to effectively manage all major aspects of IT, Data, and Information Security, as well as Risk and Compliance, within the IT organization.
  • Demonstrated experience overseeing IT and Cyber-related risk assessments in a complex technical environment.
  • Excellent verbal and written communication skills.
  • Must possess strong analytical capabilities and have a desire to learn new things.
  • Ability to communicate clearly, to interact effectively at all levels of the organization, and to influence as warranted and appropriate.
  • Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions.
  • Ability to manage multiple projects while maintaining superior results.
  • Ability to work cross-functionally, individually, and to lead work among a team.
  • Execution-oriented and a self-motivator.

Education

  • Bachelor's Degree in Cyber Security or related field.

Special Instructions to Candidates


Required Experience:

Unclear Seniority

Employment Type

Unclear
