Manager, Technology Risk Officer (Enterprise IT Risk)The Technology Risk Officer (Enterprise IT Risk) is responsible for the 2LoD challenge & oversight for the implementation and support of enterprise risk management programs for the Enterprise IT Risk organization, as well as the monitoring, escalation, and reporting of significant risks and control weaknesses.Key Responsibilities and Duties
Policy & Standards – provide 2LoD support and challenge for IT’s documented Information Technology Policy and IT Standards via associated committee, including ensuring associated controls and implementation timelines meet regulatory requirements, and gathering feedback and evaluation of proposed changes and timelines that will directly impact technology teams. Additionally, ensure new/modified IT Standards are integrated into existing Application and Infrastructure risk assessment programs (i.e., ITRC).
Risk and Control Self-Assessment (RCSA) – support and challenge the implementation and maturation of the RCSA program and related processes; (1) effectively coordinate with 1LoD risk & control partners to ensure that the implementation of the RCSA program includes the appropriate identification of technology risks and control weaknesses; (2) work in collaboration with business-aligned control teams to ensure RCSAs provide a full view of the technology control environment that the businesses are reliant upon to support their critical business functions.
Application and Infrastructure Risk Assessments – support and challenge the implementation and maturation of the Application and Infrastructure risk assessment programs (i.e., ITRC) and related processes.
Strategic Initiatives – provide engagement, counsel, advice, and challenge on key strategic initiatives to ensure risks and regulatory aspects are appropriately considered and addressed.
2LoD Targeted Risk Assessments – support the execution of 2LoD independent targeted risk assessments to confirm control effectiveness and identify opportunities to strengthen controls.
Risk Appetite & Thresholds – support the maintenance, performance monitoring, and periodic updates to Enterprise & LoB risk appetite statements and breach thresholds based on direction and feedback from the CRO Teams and business leader.
Relationship Management – build and maintain effective relationships with key 1LoD leaders (L5/L6) via recurring, periodic 1:1s, and ad-hoc touchpoints to share information and position oneself as a trusted advisor.
Issue & Incident Management – responsible for supporting these enterprise programs and providing appropriate governance and challenge to ensure the execution of program requirements and mitigation of risk; provide 2LoD challenge for (1) risk-accepted issues, issue rating criticality, and linkage to the RCSA program; (2) ensure action plans adequately address the identified control gaps; (3) review and track the root causes for major technology incidents to identify and highlight potential thematic concerns.
Risk Management Committees – provide support to management in delivering periodic risk and compliance reporting, and partner with 1LoD to bring relevant focus topics to Senior Management and the Board.
Educational Requirements
University (Degree) Preferred
Work Experience
5+ Years Required; 7+ Years Preferred
Physical Requirements
Physical Requirements: Sedentary Work
Career Level8ICRequired Qualifications:
5 years of working experience in IT/Technology Risk Management, IT/Technology Compliance, IT/Technology Audit, or Information Technology.
Preferred Skills
7+ years of working experience in IT/Technology Risk Management, IT/Technology Compliance, IT/Technology Audit, or Information Technology.
Bachelor’s Degree
Considerable familiarity with financial services technology-related laws/regulations/control frameworks, and experience with evaluating impacts on technology risks, controls, policies, and standards.
Extensive experience independently evaluating/performing risk and control assessments and/or audits, across various technology areas/domains.
Professional Certifications: CISA, CISSP, CRISC and/or CISM.
Related SkillsAdaptability, Business Acumen, Compliance, Consultative Communication, Critical Thinking, General Risk Management, Organizational Savviness, Problem Solving, Relationship Management, Risk Reporting, Technology SystemsAnticipated Posting End Date:2025-02-04Base Pay Range: $127,900/yr. - $160,000/yr.Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).Company OverviewEvery worker deserves a secure retirement. For more than 100 years, TIAA has delivered it for millions of people. Founded to help educators retire with dignity, today weʼre a market-leading retirement company fueled by world-class asset management. But weʼre not just another legacy financial services firm. Weʼre fighting harder than ever before for our clients and the many Americans who need us.Benefits and Total RewardsThe organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary (https://www.tiaa.org/public/pdf/benefits-at-a-glance.pdf) .Equal OpportunityWe are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.Read more about the Equal Opportunity Law here (https://www.dol.gov/general/topics/posters) .Accessibility SupportTIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:Phone: (800) 842-2755Email: accessibility.support@tiaa.orgPrivacy NoticesFor Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here (https://www.tiaa.org/public/tiaa-nuveen-privacy) .For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here (https://www.tiaa.org/public/tiaa-nuveen-ca-privacy) .For Applicants of TIAA Global Capabilities, click here (https://www.tiaa.org/public/support/privacy/tiaa-global-capabilities-privacy-notice) .For Applicants of Nuveen residing in Europe and APAC, please click here (https://www.tiaa.org/public/nuveen-eu-uk-privacy) .TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being.Privacy Notices
For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here (https://www.tiaa.org/public/tiaa-nuveen-privacy) .
For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here (https://www.tiaa.org/public/tiaa-nuveen-ca-privacy) .
For Applicants of TIAA Global Capabilities, click here (https://www.tiaa.org/public/support/privacy/tiaa-global-capabilities-privacy-notice) .
For Applicants of Nuveen residing in Europe and APAC, please click here (https://www.tiaa.org/public/nuveen-eu-uk-privacy) .
Nondiscrimination & Equal Opportunity EmploymentTIAA is committed to providing equal opportunity across all employment practices and we believe our employees have a right to a diverse and inclusive workplace.EEO is the Law (https://assets.phenompeople.com/CareerConnectResources/TIAAGLOBAL/documents/22-088EEOCKnowYourRights-1688394514088.pdf)Pay TransparencyPhiladelphia Ban the Box (https://www.phila.gov/media/20210423160847/Fair-Chance-Hiring-law-poster.pdf)