IT/IS Risk Management Principal
Location: Indian Trail
Posted on: November 25, 2022
Purpose of Job
We are currently seeking a Principal, IT/IS Risk Management. This
is a key position within USAA's Risk Management team, reporting to
the AVP of IT Risk Management. As the second line of defense (risk)
lead on IT/IS Third Party Risk Programs, the Principal will deliver
independent risk oversight of the IT Risk Governance Program.
The role will develop and execute risk assessments across the
Enterprise IT/IS space. This position can be hybrid out of one of
our main hub locations: Charlotte, NC; San Antonio, TX; Plano, TX;
Phoenix, AZ; Tampa, FL; Colorado Springs, CO.
Responsible for providing direct second line of defense (2nd LOD)
risk oversight for USAA's Information Technology/Information Security
(IT/IS) business function, which includes developing and executing a
comprehensive risk management coverage plan. Establishes
enterprise-wide standards for 2nd LOD IT/IS risk reporting and
ensures IT/IS risk reporting is appropriately tailored to meet the
standards of the Board, senior management, and other key
stakeholders within the organization.
- USAA knows what it means to serve. We facilitate the financial
security of millions of U.S. military members and their families.
This singular mission requires a dedication to innovative thinking
at every level.
- Establishes and maintains an Enterprise IT/IS risk governance
framework that supports enterprise-wide standard operating policies
and procedures that are aligned with the USAA Board's risk
appetite, the company's business and strategic objectives, and
- Reviews and evaluates the Third-Party Risk Management Program
and incorporates the applicable requirements into the Enterprise IT
Risk Governance Program.
- Accountable for assessing business unit level IT/IS policies,
standards and procedures developed and implemented by the business
units to ensure they are in alignment with and support the
Enterprise IT/IS policies, standards and procedures.
- Evaluates and challenges the completeness and accuracy of the
1st LOD's enterprise-wide IT/IS process risk and control inventory;
conducts validation testing and reviews to ensure the recommended
corrective actions to 1st and 2nd LOD identified IT/IS issues are
complete, sustainable and effective.
- Continually evaluates information technology, information
security and data risk developments, strategic and operating plans,
stress points and changes in operating processes to identify
potential risks which may impact the IT/IS operating and control
- Reviews and monitors identified material IT/IS internal and
external risks and emerging potential threats and ensures risk
mitigation action is taken as necessary.
- Assesses the enterprise information technology systems and
information security protocols to ensure they are secure enough to
support the businesses' processing environment and are adequately
controlled to appropriately mitigate IT/IS risks.
Minimum
- Bachelor's degree; 4 additional years of related experience
beyond the minimum required may be substituted in lieu of a
- 10 years of Information Technology/Information Security (IT/IS)
experience in a financial services and/or banking industry to
include 6 years of specific risk management experience.
- Demonstrated experience in applying IT/IS risk frameworks such
as risk governance, control effectiveness measurement, process,
risk and control analysis, and risk management coverage plan
(monitoring, assessment and testing).
- In-depth knowledge of cyber security, information security,
fraud risk management, data risk management, customer
authentication and identification access processes and
- Proven ability to communicate and influence effectively across
all Lines of Defense.
- Knowledge of federal regulation 12 CFR Part 30, including
Appendices A, B and D and with federal supervisory guidance, to
- OCC Documents: Large Bank Supervision Handbook; OCC Safety and
Soundness Handbooks - Internal Control, and Retail Lending; and
with key OCC bulletins to include: Third Party Risk Management;
Technology Risk Management; and Operational Risk
- Federal Reserve Documents: Consolidated Supervision Framework
for Large Financial Institutions; Federal Reserve Board Bank
Holding Company Supervision Manual
- FFIEC Manuals and Handbooks to include: Banking; Information
- General understanding of federal laws, rules, and regulations,
- CRA; ECOA; FCRA; MLA; SCRA; Regulation DD; Regulation E;
Regulation Z; BSA/AML and UDAP/UDAAP
- Basel Committee on Banking Supervision Principles for Effective
Risk Data Aggregation and Risk Reporting (BCBS-239)
- Title V, Section 501 of the Gramm-Leach-Bliley Act
- EU General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- New York State Department of Financial Services 23 NYCRR Part
- Laws and regulations are listed for illustrative purposes. The
role would need an understanding of all federal and state laws and
regulatory guidance applicable to the organization and to the
responsibilities of the role.
Preferred Experience:
- Ten or more years' experience with analysis of emerging threats
and reports that describe the implications of threat(s) and
opportunities to executives or senior decision-makers
- Experience with risk management of Emerging New Technologies
(such as Artificial Intelligence, Machine learning and Cloud).
- Familiarity with financial sector regulatory practices and
second line of defense effective challenge
- Ten or more years' experience with performing risk assessments,
detection and response operations
- Ability to work cross-functionally, individually, and to lead
work among a team
- Execution oriented and a self-motivator
- Familiarity with industry standard frameworks: NIST, COSO, COBIT and
- Curiosity about driving a technology risk management culture
with key business and IT teams; ability to translate risk
assessments into clear, useful feedback for key partners
- Relevant risk and data certifications
The above description reflects the details considered necessary to
describe the principal functions of the job and should not be
construed as a detailed description of all the work requirements
that may be performed in
USAA has an effective process for assessing market data and
establishing ranges to ensure we remain competitive. You are paid
within the salary range based on your experience and market
position. The salary range for this position is $155,400 - $279,800
(this does not include a geographic differential, which may be
applied based on your work location).
Employees may be eligible for pay incentives based on overall
corporate and individual performance or at the discretion of the
USAA Board of Directors.
At USAA our employees enjoy best-in-class benefits to support their
physical, financial, and emotional wellness. These benefits include
comprehensive medical, dental and vision plans, 401(k), pension,
life insurance, parental benefits, adoption assistance, paid time
off program with paid holidays plus 16 paid volunteer hours, and
various wellness programs. Additionally, our career path planning
and continuing education assists employees with their professional
Please click on the link below for more details.
USAA Total Rewards
Relocation assistance is available for this position.
USAA is an Equal Opportunity Employer. All qualified applicants
will receive consideration for employment without regard to race,
color, religion, sex, sexual orientation, gender identity, national
origin, disability, or status as a protected veteran.