IT/IS Risk Management Principal

IT/IS Risk Management Principal

At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

Embrace a fulfilling career at USAA, where our core values honesty, integrity, loyalty and service define how we treat each other and our members. Be part of what truly makes us special and impactful.

The Opportunity

We are seeking an IT/IS Risk Management Principal to provide second line of defense oversight for USAA's Information Technology/Information Security functions. This individual contributor role involves developing and performing a comprehensive risk management plan, emphasizing a strong background in solutions using AI. The ideal candidate includes over 10 years of information security experience, with expertise in Identity and Access Management. Validated presentation skills for engaging diverse partners, including executive audiences. Experience as an IT/IS risk consultant within the financial industry.

We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: Charlotte, NC, San Antonio, TX, Plano, TX, Tampa, FL.

Relocation assistance is not available for this position.

What You'll Do

• Establishes and maintains an enterprise IT/IS risk governance framework that supports enterprise-wide standard operating policies and procedures that are aligned with the USAA Board's risk appetite, the company's business and strategic objectives, and regulatory expectations.
• Reviews and evaluates the Third-Party Risk Management Program and incorporates the applicable requirements into the Enterprise IT Risk Governance Program.
• Accountable for assessing business unit level IT/IS policies, standards and procedures developed and implemented by the business divisions to ensure they are in alignment with and support the Enterprise IT/IS policies, standards and procedures.
• Evaluates and challenges the completeness and accuracy of the 1st LOD's enterprise-wide IT/IS process risk and control inventory; conducts validation testing and reviews to ensure the recommended corrective actions to 1st and 2nd LOD identified IT/IS issues are complete, balanced and effective.
• Continually evaluates information technology, information security and data risk developments, strategic and operating plans, stress points and changes in operating processes to identify potential risks which may impact the IT/IS operating and control environment.
• Reviews and monitors identified material IT/IS internal and external risks and emerging potential threats and ensures risk mitigation action is taken.
• Assesses the enterprise information technology systems and information security protocols to ensure they are secure to support the businesses' processing environment and are adequately controlled to appropriately mitigate IT/IS risks.

What You Have

• Bachelor's degree OR 4 additional years of related experience beyond the minimum required may be substituted in lieu of a degree.
• 10 years of Information Technology / Information Security (IT/IS) experience, in a relevant industry or operational area, to include banking, insurance, financial services, project management, auditing / public accounting / consulting, and/or military service to include 6 years of specific risk management experience.
• Experience in applying IT/IS risk frameworks such as risk governance, control efficiency measurement, process, risk and control analysis, and risk management coverage plan (monitoring, assessment and testing).
• In-depth knowledge of cyber security, information security, fraud risk management, data risk management, customer authentication and identification access processes and controls.
• Communicate and influence across all Lines of Defense.
• Knowledge of federal regulation 12 CFR Part 30, including Appendices A, B and D and with federal supervisory guidance, to include:
• OCC Documents: Large Bank Supervision Handbook; OCC Safety and Soundness Handbooks - Internal Control, and Retail Lending; and with key OCC bulletins to include: Third Party Risk Management; Technology Risk Management; and Operational Risk
• Federal Reserve Documents: Consolidated Supervision Framework for Large Financial Institutions; Federal Reserve Board Bank Holding Company Supervision Manual
• FFIEC Manuals and Handbooks to include: Banking; Information Technology Examination
• General understanding of federal laws, rules, and regulations, to include:
• CRA; ECOA; FCRA; MLA; SCRA; Regulation DD; Regulation E; Regulation Z; BSA/AML and UDAP/UDAAP
• Basel Committee on Banking Supervision Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS-239)
• Title V, Section 501 of the Gramm-Leach-Bliley Act
• EU General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• New York State Department of Financial Services 23 NYCRR Part 500
• Laws and Regulations for illustrative purposes. Roles would need an understanding of all federal and state laws and regulatory guidance applicable to the organization and responsibilities of the role.

What Sets You Apart

• Strong background in developing solutions using AI
• 10+ years of information security to include expertise in Identity and Access Management
• Validated interpersonal skills and the ability to engage diverse partners, including executive audiences
• Background in IT/IS risk consulting in the financial industry

Compensation Range: The salary range for this position is: $164,780 - $314,960.

USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits, visit our benefits page on USAAjobs.com.