Operational Risk Officer - Technology/Cybersecurity in KeyBank at Brooklyn, OH, US

Job description

About The Job

As subject matter expert, provide advice/consultation services to assigned lines of business (LOBs) on operational risk program management topics, including all activities associated with LOBs risks, controls, testing, remediation, loss analysis, key risk indicators, reporting, policy and procedure development with a focus on cybersecurity risk management. Perform oversight activities and assume responsibility for discouraging actions that may expose KeyCorp and its affiliates to losses, regulatory or reputation risks, or to risk levels that exceed desired risk appetite through its business activities. The position is responsible for ensuring operational risk program management consistent with KeyCorp's Operational Risk Policy. The position may also have responsibility for managing Compliance and Control responsibilities for select business units.

Essential Job Functions

• For assigned LOBs, become the subject matter expert (SME) on operational risk and control matters (and compliance as assigned), with a focus on cybersecurity risk management, by developing/maintaining strong positive working relationships with LOBs, staff, peers, other risk partners and senior management and by attending LOB meetings to develop a deeper understanding of business activities and trends.
• In accordance with the Operational Risk Policies, assist and provide feedback to LOBs around development/monitoring of risks, controls, testing, remediation and reporting of significant risk and control issues.
• Monitor quarterly testing results to deadlines and perform more complex risk monitoring activities as assigned.
• Analyze and provide feedback to LOBs on action/remediation plans to address control gaps to ascertain that operational, legal, regulatory, and reputation risks are being properly managed and mitigated.
• Assist LOBs and other corporate initiatives to reduce operational risk losses.
• Assist LOBs to develop relevant and measurable key risk indicators.
• Actively participate in a robust review and challenge process with LOBs on their Risk & Control Self Assessments and overall performance.
• Provide specialized authoritative advice and consultation on current and emerging legal and regulatory compliance requirements including proactively anticipating and responding to regulatory changes, assessing the impact to the LOBs, and assisting the LOB in responding to the change.
• Demonstrate a broad awareness of cybersecurity events, threats and actors, including trends and emerging systemic risks.
• Provide feedback on operational risks/cybersecurity risks associated with the offering of new products and/or services, technology, processes, strategies, or business initiatives.
• Provide feedback on operational risks/cybersecurity risks associated with outsourced third party activities of the LOBs.
• Develop corporate control standards for certain high risk transactions/products.
• Develop and deliver training to the LOBs and/or peers on regulatory matters, operational risk policies and procedures, current industry practices, and risk and control standards.
• Interface with regulators; respond to internal/external audits/examinations requests for information, assist in the evaluation of audit/examination findings and implementation of corrective action, and/or assist in responses to regulatory and legal inquiry/investigations.
• Effectively and professionally interact with senior management, regulatory agency personnel, internal legal counsel, internal risk review personnel as well as operational/compliance peers.
• Develop department procedures to support governance monitoring processes and assist in the review, update and enhancement of operational and/or compliance risk management policies and procedure standards.
• Participate in (and in certain situations lead operational risk related projects, initiatives, working groups or other tasks as assigned to meet team objectives.
• Perform risk data analysis and/or develop customized reporting as requested.

Required Qualifications

• Bachelor’s degree
• General knowledge in areas of information technology governance, information technology risk management/GRC, information technology audit, vendor/third party management, business resiliency and fraud is required.
• 5+ years of information technology risk management, information technology audit, or hands-on information technology experience is required; 1-3 years of cybersecurity experience is preferred. This experience may be concurrent
• Cybersecurity related certifications are a plus (e.g., Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), Certified Information Security Manager (CISM))
• Demonstrated knowledge of cybersecurity-related regulations, guidelines, and frameworks (e.g., FFIEC Cybersecurity Assessment Tool (CAT) Tool, FFIEC IT Examination Handbook, NIST Cybersecurity Framework)
• Strong ability to work with all levels of management within the company
• Experience working/managing projects across multiple functional areas and dealing with multiple business partners
• Experience working on initiatives that require strategic planning/thinking
• Flexibility to switch priorities based on the needs of the company in a fast-paced environment
• Ability to grasp complex processes quickly and be able to identify risks and compensating controls
• Excellent problem solving abilities and results oriented; able to make decisions independently
• Proven ability to work as a team
• Strong leadership skills and ability to influence others
• Strong analytical/research skills coupled with ability to effectively summarize findings
• Excellent oral, written and interpersonal skills
• Ability to adapt to change and communicate changing requirements
• Excellent organizational skills and meticulous attention to detail
• Self-motivated
• Proficient PC skills with experience in Microsoft Office, Outlook and, SharePoint