Technology and Information Security Risk Specialist
About the role
The Technology and Information Security Risk Specialist provides independent Second Line oversight of the Bank’s technology infrastructure, information security, and cyber risk programs. The role evaluates whether risks are appropriately identified, assessed, escalated, reported, and remediated through a practical, connected, and risk-based approach. This position strengthens the Bank’s risk posture by providing effective review and challenge, supporting risk assessments and control reviews, and connecting technology and information security risk themes to operational risk, vendor risk, change management, resilience, data management, and broader ERM processes.
Core Responsibilities
Provide independent oversight, ongoing monitoring, and effective challenge of First Line technology infrastructure, information security, and cyber risk programs, including governance, controls, execution, reporting, and residual risk.
Lead and review risk assessments, RCSAs, control testing, issues, remediation plans, KRIs/KPIs, policies, procedures, evidence, and supporting analysis.
Develop and enhance the Second Line framework for technology and information security risk and assess connectivity to operational risk, vendor risk, change management, resilience, data management, and enterprise controls.
Identify, assess, and report risks related to significant projects, new activities, vendor relationships, control changes, AI, automation, and other emerging technologies.
Develop KRIs/KPIs, prepare clear materials for management, committee, audit, board, and regulatory discussions, and provide input for ICAAP, risk appetite, risk profile assessments, and ERM routines.
Coordinate with audit, regulators, Head Office, First Line technology and security teams, the CISO function, IT Operations Risk, Vendor Management, business lines, and executive stakeholders while maintaining Second Line independence.
Support targeted risk awareness efforts and produce clear, defensible work that connects facts, risks, controls, dependencies, and conclusions.
Qualifications
Experience and Education: 10+ years in technology infrastructure, information security, cyber risk, IT controls, or related oversight functions, preferably within a regulated financial institution; bachelor’s degree in a related technical or risk discipline preferred.
Technical and Regulatory Knowledge: Strong knowledge of technology, cybersecurity, and control environments, including cloud, applications, infrastructure, access management, resilience, NIST, NYDFS Part 500, FFIEC guidance, and related risk expectations.
Risk Assessment and Oversight: Skilled in risk assessments, control reviews, issue management, remediation tracking, risk reporting, governance routines, and effective challenge across First, Second, and Third Line stakeholders.
Enterprise and Emerging Risk Connectivity: Ability to connect technology and information security risk themes to ERM processes, including ICAAP, risk appetite, risk profile assessments, enterprise reporting, AI, automation, and other emerging technology risks.
Execution and Tools: Experience using GRC tools and managing technology or security-related projects, technical teams, and cross-functional workstreams with clear ownership, deadlines, reporting, and follow-through.
Communication and Judgment: Strong analytical, writing, documentation, executive communication, professional judgment, independence, and ability to produce clear, defensible work for senior management, committee, audit, or regulatory review.
Preferred Certifications
CISSP, CISM, CISA, CRISC, CEH, or equivalent certifications are strongly preferred.
Reporting Structure
Reports to the Head of Risk Strategy and Supervisory Oversight. Key Partners include Risk, IT, Information Security, Compliance, Audit, Operations, Vendor Management, Head Office, and business stakeholders.
Role Focus
Provides independent 2LOD oversight, supports effective review and challenge, and connects technology and information security risk considerations to the Bank’s broader risk framework.
Compensation
The expected annual salary for this position is between $160,000 and $180,000 at the start of employment. A salary offer is determined on an individualized basis, taking into consideration factors such as an individual’s skills and experience. In addition to base salary, our total rewards package also includes eligibility for an annual bonus, medical, pharmacy, dental, and vision plans, life and disability insurance, employee wellness program, retirement and savings plans with employer contributions, generous holiday and paid time off schedules, parental leave, and tuition reimbursement.
Additional Information
The Bank Will Make Reasonable Accommodations To The Following Employees To Allow Them To Perform The Essential Functions Of Their Position, Except Where Doing So Would Result In Undue Hardship To The Bank
Disclaimer
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed. All your information will be kept confidential according to EEO guidelines. We are operating on a Hybrid schedule. NO AGENCIES PLEASE.
IDB BANK, INCLUDING ITS SUBSIDIARIES AND DIVISIONS, PROVIDES EQUAL EMPLOYMENT OPPORTUNITIES TO ALL EMPLOYEES AND APPLICANTS FOR EMPLOYMENT WITHOUT REGARD TO RACE, COLOR, RELIGION, SEX, SEXUAL ORIENTATION, NATIONAL ORIGIN, AGE, DISABILITY, GENETIC STATUS, CITIZENSHIP STATUS, MARITAL STATUS, MILITARY OR VETERAN STATUS, CURRENT UNEMPLOYMENT OR ANY OTHER LEGALLY PROTECTED CATEGORY IN ACCORDANCE WITH APPLICABLE FEDERAL, STATE AND LOCAL LAW. NOTHING IN THIS SITE CONSTITUTES A PROMISE OR OFFER OF EMPLOYMENT. Kindly review our Privacy Notice and GLBA Consumer Privacy Notice.