Infrastructure Risk Director

Description

Summary:

The Infrastructure Risk Director will report to the SVP, Technology Segment Risk Officer. This role will be the senior leader responsible for first line of defense risk management and oversight activity for the Infrastructure organization and serve as the primary risk partner for the Chief Technology Officer's leadership team. This role will be responsible for leading the risk culture of the segment. Risk oversight activities will include risk identification, control design and evaluation, and completion of risk and control self-assessments. This leader will work closely with the CTO's organization to identify, assess, and mitigate risk.

• Serve as "voice of risk"; provide both credible challenge and transparent counsel

• Familiar with network security, vulnerability and patch management, identity management, database and server infrastructure, asset management, incident and problem management, change management, configuration management, container administration, and other key areas

• Demonstrated ability to stay current with an evolving risk landscape

• Lead and develop a dedicated team of risk managers and specialists for a consistent and effective support model

• Update risk register when issues/findings identify new risks, significant changes to existing risks

• Monitor changes to rules and regulations for potential impact to risk register

• Complete risk and control self-assessment including analysis of inherent risk, control environment, residual risks, segment risk appetite metrics, top and emerging risks, control effectiveness, metrics, findings, risk acceptances, and changes since last period according to guidance and timelines

• Consult on the development and review of key risk metrics, controls, and control tests

• Provide leadership voice in key risk committees

• Independently validate management's actions to resolve identified risks are effective

• Implement policies and standards to ensure conformance with Risk Governance and Risk Appetite Framework

• Partner with peers supporting Cloud, Cybersecurity, Data and Application teams, as well as 2nd and 3rd line oversight bodies

• Interact with regulatory oversight teams and supporting external exams as required; leverage knowledge of regulatory guidance to evaluate alignment

Basic Qualifications:

• Bachelor's Degree
• 10+ years of experience in Risk Management activities and Control Frameworks to address Cybersecurity and Technology Risk Management; experience in confidentiality, integrity, and availability principles and industry standard practices

Preferred Qualifications:

• Executive communication and presentation skills

• Strong leadership abilities and experience building and developing teams

• Ability to lead new initiatives and transformations through influence

• CISA, CISSP, or similar professional certifications

• Agile and/or Kanban project execution

• Banking experience

#LI-Hybrid

#LI-SG1

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)

Yes

Workplace Type:

Huntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.

Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position