IT/IS Risk Management Principal
Company: USAA
Location: Sun City West
Posted on: May 15, 2022
Job Description:
Purpose of Job
This is a hybrid role working partially from one
of our regional offices and partially from home. (San Antonio TX,
Plano TX, Charlotte NC, Tampa FL, Phoenix AZ, or Colorado Springs
CO). USAA values a culture that is highly collaborative, and we
have found that a hybrid work type helps employees gain the best of
both worlds - collaborating in-person in the office and working
from home when needed to achieve focused deliverables. The actual
days onsite are determined between each employee and the employee's
manager.

Responsible for providing direct 2nd line of defense (LOD)
risk oversight for USAA's Information Technology/Information
Security (IT/IS) business function which includes developing and
executing a comprehensive risk management coverage plan.
Establishes enterprise-wide standards for 2nd LOD IT/IS risk
reporting and ensures IT/IS risk reporting is appropriately
tailored to meet the standards of the Board, senior management, and
other key stakeholders within the organization.

Job Requirements

About USAA
USAA knows what it means to serve. We
facilitate the financial security of millions of U.S. military
members and their families. This singular mission requires a
dedication to innovative thinking at every level.

Primary Responsibilities:
- Establishes and maintains an Enterprise IT/IS risk governance
framework that supports enterprise-wide standard operating policies
and procedures that are aligned with the USAA Board's risk appetite,
the company's business and strategic objectives, and regulatory
expectations.
- Reviews and evaluates the Third-Party Risk Management Program
and incorporates the applicable requirements into the Enterprise IT
Risk Governance Program.
- Accountable for assessing business unit level IT/IS policies,
standards and procedures developed and implemented by the business
units to ensure they are in alignment with and support the
Enterprise IT/IS policies, standards and procedures.
- Evaluates and challenges the completeness and accuracy of the
1st LOD's enterprise-wide IT/IS process risk and control inventory;
conducts validation testing and reviews to ensure the recommended
corrective actions to 1st and 2nd LOD identified IT/IS issues are
complete, sustainable and effective.
- Continually evaluates information technology, information
security and data risk developments, strategic and operating plans,
stress points and changes in operating processes to identify
potential risks which may impact the IT/IS operating and control
environment.
- Reviews and monitors identified material IT/IS internal and
external risks and emerging potential threats and ensures risk
mitigation action is taken as necessary.
- Assesses the enterprise information technology systems and
information security protocols to ensure they are secure to support
the businesses' processing environment and are adequately
controlled to appropriately mitigate IT/IS risks.

When you apply
for this position, you will be required to answer some initial
questions. This will take approximately 5 minutes. Once you begin
the questions you will not be able to finish them at a later time
and you will not be able to change your responses.

Minimum Requirements:
- Bachelor's Degree or 4 additional years of related experience
beyond the minimum required may be substituted in lieu of a
degree
- 10 years of Information Technology / Information Security
(IT/IS) experience, in a relevant industry or operational area, to
include banking, insurance, financial services, project management,
auditing / public accounting / consulting, and/or military service
to include 6 years of specific risk management experience.
- Demonstrated experience in applying IT/IS risk frameworks such
as risk governance, control effectiveness measurement, process,
risk and control analysis, and risk management coverage plan
(monitoring, assessment and testing).
- In-depth knowledge of cyber security, information security,
fraud risk management, data risk management, customer
authentication and identification access processes and
controls.
- Proven ability to communicate and influence effectively across
all Lines of Defense.
- Knowledge of federal regulation 12 CFR Part 30, including
Appendices A, B and D and with federal supervisory guidance, to
include:
  - OCC Documents: Large Bank Supervision Handbook; OCC
  Safety and Soundness Handbooks - Internal Control, and Retail
  Lending; and with key OCC bulletins to include: Third Party Risk
  Management; Technology Risk Management; and Operational Risk
  - Federal Reserve Documents: Consolidated Supervision Framework for
  Large Financial Institutions; Federal Reserve Board Bank Holding
  Company Supervision Manual
  - FFIEC Manuals and Handbooks to include: Banking; Information
  Technology Examination
- General understanding of federal laws, rules, and regulations,
to include:
  - CRA; ECOA; FCRA; MLA; SCRA; Regulation DD;
  Regulation E; Regulation Z; BSA/AML and UDAP/UDAAP
  - Basel Committee on Banking Supervision Principles for Effective
  Risk Data Aggregation and Risk Reporting (BCBS-239)
  - Title V, Section 501 of the Gramm-Leach-Bliley Act
  - EU General Data Protection Regulation (GDPR)
  - California Consumer Privacy Act (CCPA)
  - New York State Department of Financial Services 23 NYCRR Part 500

Preferred Experience:
- 1st and/or 2nd LOD experience in IT risk management within a
large financial institution focused on assessing information
systems and technology risks and controls, with a demonstrated
background in applying risk & controls, security and technology
principles
- Previous technical domain experience to include Architecture,
DevOps, Security, Application Development and/or Infrastructure/IT
Ops, etc.
- Possess related industry certifications, such as CISA, CISSP,
ITIL, CIA, CRISC, CGEIT, CRMA or other Technical Certifications or
Industry Training Certificates
- Experience working with Risk, Security or Audit frameworks
(FFIEC, COBIT, COSO, ISO 27001/2, NIST 800-53, SSAE16)
- Experience evaluating IT Architecture design for
infrastructure, virtualization, cloud technology and business
technology architecture for financial institutions, evaluating
software development life cycle processes, agile execution
utilizing scrum partners, evaluating middleware technologies (e.g.,
Websphere) and infrastructure platforms (e.g., delivery
infrastructure, application programming interface (API)), native
mobile and cloud platforms (e.g., Salesforce), and/or monitoring and
deploying software solutions for large financial and insurance
institutions.
- Third Party Risk Management experience, in particular in
standing up or evaluating frameworks, metrics (concentration risk),
and other 3rd and 4th party oversight (business, technology)

The above description reflects the details considered necessary to
describe the principal functions of the job and should not be
construed as a detailed description of all the work requirements
that may be performed in the job.

Compensation:
USAA has an effective
process for assessing market data and establishing ranges to ensure
we remain competitive. You are paid within the salary range based
on your experience and market position. The salary range for this
position is: $155,400-$279,000* (this does not include geographic
differential; it may be applied based on your work location).

Employees may be eligible for pay incentives based on
overall corporate and individual performance or at the discretion
of the USAA Board of Directors.

*Geographical Differential:
Geographic pay differential is additional pay provided to eligible
employees working in locations where market pay levels are above
the national average.

Shift premium: will be addressed on an
individual basis for applicable roles that are consistently
scheduled for non-core hours.

Benefits: At USAA our employees enjoy
best-in-class benefits to support their physical, financial, and
emotional wellness. These benefits include comprehensive medical,
dental and vision plans, 401(k), pension, life insurance, parental
benefits, adoption assistance, paid time off program with paid
holidays plus 16 paid volunteer hours, and various wellness
programs. Additionally, our career path planning and continuing
education assist employees with their professional goals. Please
click on the link below for more details.

USAA Total Rewards

Relocation assistance is not available for this
position.