CharlotteRecruiter Since 2001
the smart solution for Charlotte jobs

IT/IS Risk Management Principal

Company: USAA
Location: Indian Trail
Posted on: November 25, 2022

Job Description:

Purpose of Job

We are currently seeking a Principal, IT/IS Risk Management. This is a key position within USAA's Risk Management team, reporting to the AVP of IT Risk Management. As the second line of defense (risk) lead on IT/IS Third Party Risk Programs, the Principal will seek to deliver independent risk oversight of the IT Risk Governance Program. The role will develop and execute risk assessments across the Enterprise IT/IS space. This position can be hybrid out of one of the main hub locations: Charlotte, NC; San Antonio, TX; Plano, TX; Phoenix, AZ; Tampa, FL; Colorado Springs, CO.

Responsible for providing direct 2nd line of defense (LOD) risk oversight for USAA's Information Technology/Information Security (IT/IS) business function which includes developing and executing a comprehensive risk management coverage plan. Establishes enterprise-wide standards for 2nd LOD IT/IS risk reporting and ensures IT/IS risk reporting is appropriately tailored to meet the standards of the Board, senior management, and other key stakeholders within the organization.

Job Requirements

About USAA

  • USAA knows what it means to serve. We facilitate the financial security of millions of U.S. military members and their families. This singular mission requires a dedication to innovative thinking at every level.
  • Establishes and maintains an Enterprise IT/IS risk governance framework that supports enterprise-wide standard operating policies and procedures that are aligned with the USAA Board's risk appetite, the company's business and strategic objectives, and regulatory expectations.
  • Reviews and evaluates the Third-Party Risk Management Program and incorporates the applicable requirements into the Enterprise IT Risk Governance Program.
  • Accountable for assessing business unit level IT/IS policies, standards and procedures developed and implemented by the business units to ensure they are in alignment with and support the Enterprise IT/IS policies, standards and procedures.
  • Evaluates and challenges the completeness and accuracy of the 1st LOD's enterprise-wide IT/IS process risk and control inventory; conducts validation testing and reviews to ensure the recommended corrective actions to 1st and 2nd LOD identified IT/IS issues are complete, sustainable and effective.
  • Continually evaluates information technology, information security and data risk developments, strategic and operating plans, stress points and changes in operating processes to identify potential risks which may impact the IT/IS operating and control environment.
  • Reviews and monitors identified material IT/IS internal and external risks and emerging potential threats and ensures risk mitigation action is taken as necessary.
  • Assesses the enterprise information technology systems and information security protocols to ensure they are secure to support the businesses' processing environment and are adequately controlled to appropriately mitigate IT/IS risks.

Minimum Requirements:

  • Bachelor's degree; 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree.
  • 10 years of Information Technology/Information Security (IT/IS) experience in a financial services and/or banking industry to include 6 years of specific risk management experience.
  • Demonstrated experience in applying IT/IS risk frameworks such as risk governance, control effectiveness measurement, process, risk and control analysis, and risk management coverage plan (monitoring, assessment and testing).
  • In-depth knowledge of cyber security, information security, fraud risk management, data risk management, customer authentication and identification access processes and controls.
  • Proven ability to communicate and influence effectively across all Lines of Defense.
  • Knowledge of federal regulation 12 CFR Part 30, including Appendices A, B and D and with federal supervisory guidance, to include:
    • OCC Documents: Large Bank Supervision Handbook; OCC Safety and Soundness Handbooks - Internal Control, and Retail Lending; and with key OCC bulletins to include: Third Party Risk Management; Technology Risk Management; and Operational Risk
    • Federal Reserve Documents: Consolidated Supervision Framework for Large Financial Institutions; Federal Reserve Board Bank Holding Company Supervision Manual
    • FFIEC Manuals and Handbooks to include: Banking; Information Technology Examination
  • General understanding of federal laws, rules, and regulations, to include:
    • CRA; ECOA; FCRA; MLA; SCRA; Regulation DD; Regulation E; Regulation Z; BSA/AML and UDAP/UDAAP
    • Basel Committee on Banking Supervision Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS-239)
    • Title V, Section 501 of the Gramm-Leach-Bliley Act
    • EU General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • New York State Department of Financial Services 23 NYCRR Part 500
  • Laws and Regulations for illustrative purposes. Roles would need an understanding of all federal and state laws and regulatory guidance applicable to the organization and responsibilities of the role.

Preferred Experience:

  • Ten or more years' experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers
  • Experience with risk management of Emerging New Technologies (such as Artificial Intelligence, Machine Learning and Cloud).
  • Familiarity with financial sector regulatory practices and second line of defense effective challenge
  • Ten or more years' experience with performing risk assessments, detection and response operations
  • Ability to work cross-functionally, individually, and to lead work among a team
  • Execution oriented and a self-motivator
  • Familiarity with industry-standard frameworks: NIST, COSO, COBIT, etc.
  • Curiosity about driving a technology risk management culture with key business and IT teams; ability to translate risk assessments into clear, useful feedback for key partners
  • Relevant risk and data certifications

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.


USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market position. The salary range for this position is: $155,400 - $279,800 (this does not include geographic differential; it may be applied based on your work location).

Employees may be eligible for pay incentives based on overall corporate and individual performance or at the discretion of the USAA Board of Directors.

At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assist employees with their professional goals.

Please click on the link below for more details.

USAA Total Rewards

Relocation assistance is available for this position.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
