Vice President, Director Risk Management

    • Job Tracking ID: 512371-647407
    • Job Location: Ann Arbor, MI
    • Job Level: Management
    • Level of Education: BA/BS
    • Job Type: Full-Time/Regular
    • Date Updated: September 14, 2018
    • Years of Experience: 7 - 10 Years
    • Starting Date: ASAP
Invite a friend
facebook LinkedIn Twitter Email


Job Description:

Vendor/Information Risk Function Overview:

The Vendor/Information Risk Management team within IT is a key control function within the overall Risk Management process at Bank of Ann Arbor. We are responsible for reviewing and assessing security controls of third parties to ensure the security and integrity of our data while in the possession of our vendors and partners. As part of the ongoing third party assessments performed we identify issues, assign appropriate risk ratings, and document them according to our Issue Management process.

Summary of Duties:

The Director Risk Management position supports the management of strategic vendor relationships within the Company. You will be responsible for ensuring Bank of Ann Arbor data remains secure and all risks, vulnerabilities and defects are managed, tracked, and re-mediated according to our processes and policy. You will drive assessment and remediation activities across our vendor population.

Essential Functions:

Risk Management

  1. Have experience with risk management processes, along with an understanding of the following: IT risk, security architecture, external/internal audit, and accepted security frameworks/standards (e.g. NIST, ISO, etc.).
  2. Conduct risk assessments for vendors, identify and document control gaps, and present results to support management action, escalation, and risk acceptance processes
  3. Partner with businesses across the enterprise to evaluate the information security risks associated with their vendor engagements.
  4. Review vendor due diligence materials (i.e. SSAE 16 reports, penetration testing reports, etc.), identify potential issues, and follow up for unresolved issues.
  5. Interpret, identify, and prioritize risk based on impact and likelihood.
  6. Work directly with key partners to: facilitate information risk analysis and risk management processes; identify acceptable levels of risk; and establish roles and responsibilities with regards to information risk management.
  7. Partner with various support groups and vendors to resolve appropriate risk remediation activities to address identified risks.
  8. Validate evidence from vendors prior to closing out remediation plans.
  9. Develop Senior Management reports including defining and tracking program based metrics (e.g., assessments completed within SLA, challenges, etc.).
  10. In partnership with our key internal partners (Vendor Management, Procurement, Legal, etc.), identify process and technology enhancements to drive efficiencies.
  11. Ensure close coordination with Audit/Compliance on aligning risks, issues, enterprise reporting, etc.

Vendor Management:

  1. To lead and execute the vendor management strategy for the bank.
  2. An understanding and working knowledge of successful business practices and current computer, Information Technology, Telecommunications Infrastructure including Internet commerce.
  3. Experience leading and participating in technical and cross-functional projects are often part of the task asked to perform in many of the detailed projects executed.
  4. Experience with IT audits, Disaster Recovery, Risk assessments, and Information Security.
  5. Experience in problem solving, process improvement methods, and business re-engineering methods.
  6. Use of Strong communication, presentation and facilitation skills required.

Experience and Skills:

Position Requirements:

Preferred Skills:

  1. Leadership presence with the ability to inspire and motivate teams.
  2. Experience in delivering strategic direction at both local and network levels.

You’ll Need to Have:

  1. A proven background in Information Security and Risk Management to help improve our overall Vendor Information Risk Management program.
  2. Thorough knowledge of LAN/WAN systems, networks and applications.
  3. Ability to maintain a high quality of service; maintain excellent user communications, with the ability to effectively report on issues and/or projects.
  4. Bachelor’s degree in Information Technology, Information Security, Business or Risk Management (or equivalent experience).
  5. 7 plus years related work experience required.
  6. Comprehensive Knowledge of Information Security standards and frameworks (NIST CSF, 800-53, Shared Assessments, ISO, etc.) with an understanding of the 'why' behind the controls and not just the controls themselves.
  7. Experience assessing cloud based service providers
  8. CISSP, CISM or other Information Security certifications
  9. IT audit background and practical knowledge of a variety of technologies including operating systems, server, network and web infrastructure, database architectures, intrusion detection, and prevention systems
  10. Experience with Governance, Risk, and Compliance tools
  11. Strong interpersonal and oral/written communication skills with the ability to build relationships at all levels.
  12. Strong analysis and problem solving skills.