Senior IT Risk Manager - Operational Risk Management
Profile Summary
The Senior IT Risk Manager reports to the head of IT Risk Management (ITRM) within the firm's Operational Risk Management (ORM) function. The mission of ORM is to support Voya leadership in risk-based decision making and to assist with the management of operational risks of the enterprise, through the application of a comprehensive framework, processes, and tools for identifying, measuring, and monitoring operational risks. The ITRM function provides risk oversight for Voya’s enterprise Information Technology (IT) function and technologies supporting Voya's Investment Management, Retirement Benefits, and Employee Benefits businesses by facilitating processes to identify, monitor, and mitigate IT related operational risks.
Profile Description
Forge Strong Partnerships: Actively engage with IT stakeholders and senior leadership to foster a robust risk culture. This includes regular interaction and collaboration at various organizational levels.
AI Risk Management Expertise: Serve as a subject matter expert in AI risk management, playing a pivotal role in the identification, assessment, and mitigation of AI-related risks as well as supporting the enterprise AI governance program in line with risk principles and regulatory requirements.
Real-Time Risk Advisory: Provide subject matter expertise and advise on IT related risks and remediation/mitigation of risk exposures. Real-time risk advisory and risk measurement are key elements of this role.
Risk and Control Framework: Define and maintain IT risk and control standards, ensuring a comprehensive and up-to-date framework is in place.
Risk Identification and Assessment: Lead IT risk identification and assessment activities that include IT process reviews, top-down risk assessments, targeted risk and control assessments, development of key risk indicators (KRI), risk event management, trend analysis, and controls compliance.
Incident Analysis and Optimization: Monitor the IT risk and control environment including root cause analysis of issues and incidents to identify process improvement, control optimization, and risk reduction opportunities.
Risk Reporting: Develop Board and senior leadership risk reporting and risk committee materials.
Regulatory Compliance: Assist with assessments concerning compliance with applicable laws and regulations impacting IT.
Business Impact Assessments: Work closely with line of business ORM teams to characterize potential IT risks and trends, assessing business impact and articulating criticality and implications to business stakeholders.
Strategic Development: Assist with ongoing development and maintenance of IT Risk Management strategy and framework, and education of stakeholders.
Travel: Occasional travel to Voya office locations for collaboration purposes.