Cybersecurity & Resilience Risk Manager

at KeyBank
Published November 1, 2020
Location Cleveland, OH
Category Default  
Job Type Full-time  

Description

ABOUT THE JOB
The Cybersecurity and Resilience Operational Risk Program Manager has overall responsibility to mitigate and discourage actions that may expose KeyCorp and its affiliates to cybersecurity or resilience risk with its business activities. This position is responsible for ensuring cybersecurity and resilience risk requirements and processes comply with regulatory requirements, Key’s Risk Management policies and program requirements, and that business activities are managed within Key’s Operational Risk Management appetite. Additionally, this position is responsible for the oversight of risk identification and mitigation for cybersecurity and resilience risk, including the oversight of relevant programs and policies, which includes providing highly specialized guidance and oversight on current and emerging legal, regulatory, and operational risk issues, monitoring and measuring operational risk performance, and reviewing and challenging of strategy (e.g., initiatives, products, third parties, and clients), control design, implementation, testing, and remediation for all LOBs. The qualified candidate must be able to work independently and use sound judgment taking into consideration risk tolerances of assigned LOBs and KeyCorp overall. This role reports directly to the Senior Director of Cybersecurity and Technology Risk Oversight. This position will have direct reports that include operational risk officers and/or analysts.

ESSENTIAL JOB FUNCTIONS

– Proactively works with business unit management to identify and assess cybersecurity and resilience risks associated with business activities, ensuring alignment with the Corporate Operational Risk Framework including:
• Advising LOBs on risks and controls and applicable metrics (i.e., KRIs, EWIs, Tolerances).
• Advising LOBs on risks related to new products and/or services and business initiatives.
• Advising LOBs on risks related to outsourced third party activities.
• Identifying aggregate risk across LOBs
• Assessing the appropriateness of and working with LOBs on developing and/or enhancing internal procedures and guidelines to comply with Operational Risk appetite, tolerances and policies.
• Conducts a robust Review and Challenge process in evaluating and reviewing business processes, risk profiles, risk indicators, controls, remediation plans, etc., to ensure alignment with Key’s Operational Risk and Enterprise Risk Management programs, policies and practices.
• Ensures the effective development and delivery of corporate-wide and or role specific Operational Risk training; provides guidance and assistance related to LOBs related to the development of LOB specific operational risk training.
• Providing periodic risk reporting to senior management
– Accountable for ensuring that policies and procedures and associated cybersecurity and resilience risk programs are consistent with current applicable banking rules, regulations, and laws. Monitors and assesses for any new or amended requirements.
– Develops and recommends for approval policies, standards, procedures and guideline to comply with corporate risk appetites, tolerances and policies.
– Acts as Cybersecurity and Resilience Risk Subject Matter Expert on assigned Subcommittees and/or Working Groups.
– Develops and maintains positive working relationships with internal clients, staff, peers, and senior management.
– Ensures a sound understanding of business strategy, business processes and associated risks for assigned business units.
– Escalates promptly to appropriate senior management or appropriate risk committee any material breaches of applicable laws, rules, policies or standards with actual or potential operational risk impact, and necessary correction action.
– Maintain relationships with industry peers and regulatory bodies.
– Respond to internal and external audits, regulatory exams and other requests for information. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses.
– Effectively manages assigned human capital, ensuring acceptable employee engagement levels, providing sound direction, active coaching and development, and performance management of assigned employees. Trains and develops staff to understand risk and controls principals, regulatory requirements, risk management and process improvement techniques.

REQUIRED QUALIFICATIONS
– An Undergraduate degree is required, advanced degree/s desired and would be a plus
– Minimum of 8+ years of relevant industry and professional experience (e.g., cybersecurity risk management, cybersecurity audit, or direct cybersecurity governance experience)
– In-depth practical knowledge of cybersecurity controls, risk assessments and operational processes, and applicable techniques for implementation of regulatory, compliance and legal requirements and operational processes.
– Demonstrated knowledge of cybersecurity related regulations, guidelines, and frameworks (e.g., COBIT, GLBA, HIPAA, NIST, PCI)
– Strong leadership and relationship management skills including the ability to lead up and across the organization
– Ability to effectively communicate to lines of businesses and senior management, both in writing and verbally
– Has high ethical standards
– Proven to be a proactive thinker
– Proven ability to drive results through people
– Strong project management and/or continuous improvement skills
– Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices
– Industry certifications a plus (e.g., Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)

FLSA STATUS:

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to engaging a diverse workforce and sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.