
Oversee IT, Information Security, and Business Continuity/Disaster Recovery (BCP/DR) risks across the credit union. Partner with technology and business leaders within the three lines of defense framework to provide independent oversight and advisory support, ensuring technology risks are effectively managed and aligned with the organization's risk appetite, regulatory expectations, and strategic objectives. Serve as the primary liaison between Enterprise Risk Management and technology leadership to promote transparency, resilience, and informed risk-based decision-making.
o This position is hybrid.
o NYC Salary Range: $150,000 - $200,000 annually: compensation is commensurate to geographic location.
ACCOUNTABILITIES:
Technology and Emerging Risk Oversight
• Regardless of seniority or role, uphold UNFCU’s mission, core values, and guiding principles by providing an exceptional service experience to colleagues and members alike through consistent demonstration of our service excellence behaviors.
• Provide independent second-line oversight of Information Technology, Information Security/Cyber, AI, technology resilience, and infrastructure risks, ensuring effective governance across the organization.
• Assess and challenge first-line risk assessments, control effectiveness, and mitigation strategies related to core systems, cloud adoption, data management, AI, automation, and third-party technology risks.
• Bachelor's degree in Risk Management, Information Systems, or related field
• 10+ years of experience in a financial services environment with exposure to regulated environments, including a minimum of 4 or more years in a second line or commensurate risk function
• Experience in:
o Technology risk management, information security/cyber risk, and business continuity and operational resilience
o Risk management, such as identifying risk in key processes, compliance with regulatory requirements, monitoring, testing, issue management, risk appetite and related metrics, and reporting
o Collaborating with business partners to ensure compliance with regulatory requirements, fostering cross-functional communication
• Demonstrated ability to provide independent challenge to senior stakeholders, translate technical risks into business and financial impacts
• Strong knowledge of enterprise risk management, financial services regulations (e.g., NCUA, FFIEC, OCC), the three lines of defense model, and technology, cyber, and emerging AI risk frameworks (e.g., NIST, ISO, COBIT).
• Proficient in Microsoft Office, particularly Excel, with sound risk judgment, analytical skills, and the ability to provide independent, objective oversight.
• Strategic thinker with strong digital, cyber, and AI risk awareness, capable of balancing governance, partnership, and practical business solutions.
• Exceptional executive communication and influencing skills, with the ability to build relationships and drive outcomes without direct authority, including presenting to senior leadership and the Board.