Please reference the schedule and minimum qualifications listed below before applying.
If you need assistance with filling out our application form or during any phase of the application, interview, or employment process, please notify our Human Resources Team at option 1 or email and every reasonable effort will be made to accommodate your needs in a timely manner.
Job Summary
The Vice President of IT Cyber and Data Risk Management serves as MACU's second line leader for technology-related risks and governance, reporting directly to the Chief Risk Officer (CRO). This role is responsible for the design, implementation, and ongoing maturity of governance structures and risk oversight for IT, cyber, and data risk, ensuring alignment with the enterprise risk management (ERM) framework and regulatory expectations. This VP plays a critical role in overseeing and independently challenging the organization's technology and data risk management practices.
The VP will define the future-state strategy and lead the evolution of IT and Cyber Risk Governance, working in close partnership with IT, ERM, and Compliance. Additionally, this VP will take ownership of building and institutionalizing second line data risk and governance oversight, establishing foundational policies, standards, and controls to manage data as a strategic risk asset.
This role requires a forward-looking, technically fluent, and highly collaborative leader capable of influencing across lines of defense, applying recognized frameworks (i.e. NIST, COBIT, FFIEC, NCUA, ISO 27001), and providing effective, data-driven challenge where needed.
Job Description
To be effective, an individual must be able to perform each job duty successfully.
IT and Cyber Risk Governance
- Lead the development and oversight of the credit union's IT and Cyber Risk Governance framework, ensuring alignment with the enterprise risk framework and regulatory expectations.
- Define and maintain cyber and technology risk policies, standards, and taxonomies using leading practices such as NIST CSF, COBIT, and FFIEC Cybersecurity Assessment Tool.
- Partner with Information Security and IT leadership to evaluate cyber risks, incident trends, emerging threats, and risk response strategies.
- Oversee second-line risk assessments of technology projects, IT controls, vendor platforms, and emerging technology use cases.
- Provide risk oversight for cloud migration, system resilience, access management, and other key IT infrastructure initiatives.
Data Risk and Governance Oversight Program
- Build and lead the enterprise data risk and governance second line oversight program from the ground up, including policy development, risk assessments, roles and responsibilities (data owners, stewards), and escalation protocols.
- Define frameworks to govern data quality, data lifecycle management, privacy, metadata, and critical data element controls.
- Collaborate with Data and Analytics, IT, Compliance, and business units to embed governance standards into daily data usage and decision-making.
- Identify data risks across systems and products and drive initiatives to reduce exposure and increase integrity and accountability.
Technology Risk Reporting and GRC Enablement
- Define and manage risk reporting routines for cyber, IT, and data risk, providing visibility to risk committees, executive leadership, and the Board.
- Oversee KRIs, metrics, and control testing related to technology and data risks; monitor for risk appetite breaches or early warning indicators.
- Collaborate with the ERM and Operational Risk teams to leverage and extend GRC platform capabilities in support of automation, risk aggregation, and reporting across technology risk domains.
Regulatory Alignment and Exams
- Ensure the IT, cyber, and data risk programs are aligned with NCUA, FFIEC, GLBA, and other regulatory requirements and industry frameworks.
- Serve as a primary liaison for the second line during regulatory exams and internal audits related to cyber, IT, and data risk.
- Monitor evolving regulatory and industry expectations and lead change initiatives to ensure ongoing readiness and responsiveness.
Leadership and Organizational Influence
- Lead a high-performing risk team responsible for second line oversight of technology and data risk domains.
- Provide credible challenge to first line risk decisions, technology implementations, and risk acceptances while maintaining a constructive and solutions-oriented tone.
- Partner across Risk, Information Security, IT, Data and Analytics, Internal Audit, and Legal to promote a mature risk culture and strengthen enterprise-wide resilience.
KNOWLEDGE, SKILLS, and ABILITIES
The requirements listed are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.
Education and Experience
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field.
- 10 years of progressive experience in IT risk, cyber risk, data governance, or enterprise risk within financial services or regulated industries.
- 5 years in a leadership role with direct responsibility for governance or oversight of technology and/or data risk programs.
- Strong knowledge of regulatory expectations (e.g. NCUA, FFIEC, GLBA) and risk frameworks (i.e. NIST CSF, COBIT, ISO 27001).
- Proven success building or maturing governance programs, risk reporting capabilities, or enterprise-wide risk frameworks.
- Experience with GRC technology platforms (e.g. Archer, ServiceNow GRC, etc.).
- Familiarity with data governance tools and metadata/catalog solutions.
Licenses, Certifications, Registrations
- Advanced degree or certifications such as CISM, CRISC, CISA, CDPSE, CGEIT, or equivalent.
Knowledge and Skills
- Unique expert knowledge and experience in IT, cyber, and data governance with ability to transfer knowledge to practical solutions in support of strategic initiatives.
- Technology and Cyber Risk Acumen: Deep understanding of IT architecture, cyber threat landscapes, and risk mitigation strategies.
- Data Governance Proficiency: Working knowledge of data risk principles, data lifecycle management, privacy, and quality control frameworks.
- Strategic Leadership: Ability to build a future-state vision and lead cross-functional execution with agility and influence.
- Credible Challenge and Independent Judgement: Demonstrated ability to independently assess, question, and challenge business decisions and risk-taking activities constructively and persuasively while maintaining strong cross-functional relationships.
- Regulatory Fluency: Familiar with financial services regulatory obligations and exam readiness practices for cyber, tech, and data risk.
- Communication and Collaboration: Effectively engages technical and non-technical audiences, builds trust, and facilitates enterprise-wide alignment.
- Innovation Orientation: Continuously identifies opportunities to strengthen governance, streamline oversight, and leverage technology in risk management.
- Public speaking skills
- Leadership and talent management skills
- Strategic thinking
- Business development
- Budget and/or revenue acumen
- Problem solving skills
- Verbal/written communication skills
Leadership and Organization Development
- Adapts or creates systems to deliver objectives
- Adapts leadership style to the situation
- Uses networks across formal and informal organizations to get things done
- Develops multifunctional leadership across BU
- Coaches other coaches for skill mastery
- Is responsible for orchestration of talent development and movement across the business unit or function
- Leads work effectively and regularly across functions
- Accountable for team effectiveness across business unit or function
Scope and Strategic Impact
- Responsible for leading a significant sub-function or business process in a function
- May contribute to revenue target attainment
- Directs highly visible initiatives and/or projects with a high level of risk and complexity
- Focuses on the achievement of departmental goals and has a significant contribution to achieving functional goals
- Operates with autonomy on assigned operational matters; is accountable to BU SVP and Sr. Leadership
- Is accountable for delivery of budget
- Participates in development of BU strategic plans
- Recommends solutions to strategic issues of importance to the company
- Envisions and plans projects that are strategic in nature affecting the entire company or several functional areas
- Accountable for executing and empowering the strategy set by the senior leadership and integrating procedures within function and across the organization
- Strategic planning horizon generally 2-3 years
Analytical Thinking and Problem Solving
- Uses vast intuition and experience to complement data
- Evaluates key business and organizational challenges within the function with some assessment of cross-functional impact
- Directs the resolution of complex or unusual business problems
- Problems are ambiguous and complex
- Solutions need to be devised based on some information requiring judgement to apply new solutions and concepts
- Implementation of solutions requires a medium to long term view
PHYSICAL ABILITIES / WORKING CONDITIONS
Physical Demands
Ability to sit, talk, and hear consistently
Vision Requirements
Close vision (clear vision at 20 inches or less)
Distance vision (clear vision at 20 feet or more)
Color vision (ability to identify and distinguish colors)
Weight Lifted or Force Exerted
Ability to lift up to 10 pounds frequently and up to 25 pounds occasionally
Environmental
There are no unusual environmental factors (such as a typical office)
Noise Environment
Moderate noise (business office with computers and printers, light traffic)
***This job is not eligible to be performed in Colorado or Connecticut, either remotely or in person.***
Mountain America Credit Union is an EEO/AA/ADA/Veterans employer.