IT Director - First Line IT Governance, Risk, and Controls

Overview

IT Director I - First Line IT Governance, Risk, and Controls

Location:

Block 23

As an IT Director you'll lead the delivery of technology solutions leveraging partnerships with other technology teams (e.g. Architecture, Infrastructure, Engineering, and Support), business teams and leaders, strategic partners, and third-party technology providers. Additionally, you'll collaborate with internal business partners to proactively address ongoing customer needs and ensure rapid resolution to open issues. In this role you'll foster a collaborative environment with focus on continuous improvement and delivery of working software.

As a IT Director I you'll drive the strategic planning for the delivery of products and services as well as evaluate Technology and set standards. Working in this role, you'll be accountable to recommend improvements to established business processes as well as to continue to deliver high value in execution. You also be accountable for creating comprehensive project plans as well as to remove any impediments and track overall project performance, specifically to analyze the successful completion of business short-term and long-term goals.

In addition, this IT Director role will oversee IT Governance, Risk & Compliance (GRC) functions including regulatory compliance management, policy governance, IT risk assessments, third‑party technology risk, audit engagement management, issue/exception oversight, and the enterprise identity, access and service management governance program.

• Oversee the development, tracking, and reporting of IT KRIs within GRC and Workfront platforms to provide timely insights into emerging risks and trends.
• Coordinate and help lead reviews of Service Organization Control (SOC) reports to validate IT control effectiveness and identify potential gaps impacting risk posture.
• Ensure the accuracy and completeness of the IT risk control inventory, including updates for new controls, retirements, and alignment with regulatory and internal standards.
• Develop and deliver high-quality materials for governance forums, ensuring clarity on risk issues, mitigation strategies, and decision-making support.
• Oversee IT participation in regulatory exams, internal audits, and enterprise risk reviews, ensuring consistent messaging and readiness.
• Serve as a trusted advisor to IT stakeholders by offering guidance on risk identification, exception management, mitigation strategies, and compliance with enterprise risk frameworks.
• Aggregate and analyze data for issue owners to monitor remediation progress and escalate delays or concerns to leadership.
• Oversee the execution of mock regulatory exams and remediation exercises to strengthen preparedness for supervisory reviews and internal assessments.
• Prepare and present risk and control updates for key governance bodies, ensuring transparency and actionable insights.
• Create executive-level reports and presentations that communicate IT risk posture, trends, and strategic initiatives to senior leadership.
• Participate in building the IT organization's strategy for employee development, retention, resource allocation, talent management, performance management, and achieve a diverse and engaged workforce as well as recruit, train, and evaluate staff members work.
• Participate in the annual budget planning and management process as well as business cases reviews, execution plans, and operating plans for their teams.

• 10+ years direct experience in IT Governance, IT Risk Management, Cybersecurity, Compliance, or Technology Audit.
• Relevant industry certifications preferred (e.g., CISA, CRISC, CISSP, CISM, CGEIT, ITIL).
• Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field required;
  Advanced degree or certifications (e.g., CRISC, CISA, CISSP) preferred.
• Proven leadership experience with the ability to manage and develop teams, drive accountability, and foster collaboration across IT and business units.
• Intermediate to advanced knowledge of general Financial Services or Banking is preferred.
• Intermediate to advanced knowledge of regulatory and compliance frameworks (e.g., FFIEC, SOX, GLBA) and industry standards (e.g., NIST, ISO).
• Experience managing IT risk programs and governance processes, including KRIs, control inventories, audit coordination, and regulatory deliverables.
• Ability to analyze complex data sets and summarize findings into actionable insights for governance reporting and executive presentations.
• Exceptional communication skills, both written and verbal, with the ability to influence stakeholders and present to senior leadership and committees.
• Advanced to expert experience in risk management tools and platforms and familiarity with IT control frameworks.
• Advanced to expert ability to analyze a variety of data and summarize findings in applicable reports or other communication mediums. Utilize data to identify areas of improvement and opportunities for growth by collaborating with…