Position Title Technology Risk Manager

Location Headquarters-Troy, MI

Job Summary The Information Technology Risk Manager is responsible for managing the delivery and program management of all first line of defense risk activities directly or indirectly impacting Information Technology and Information Security within Flagstar. The Information Technology Risk Manager will leverage experience in business and technical acumen environment to direct the program activities in the areas of audit, technology, compliance, risk management and security. The position will be responsible for the IT Risk team, which delivers an Information Technology Risk program with clear, defined operational policy, standards and procedures related to Information Technology and Security.

Job Responsibilities: Develop and manage specific Information Technology and Security risk program elements to mitigate enterprise risks throughout the Bank. Manage the implementation of the components of the Information Technology Risk Program to include external compliance, internal audit, security, vendor management, operational risk, quality assurance and quality controls for technology and information security. Supervises members of the Technology Risk team in their daily activities. Manage the development of guidelines & standards, and training on Risk Management practices and procedures appropriate for Flagstar's needs to ensure that risk responsibilities are understood and carried out throughout the enterprise. Manage technology process improvement projects, and transformational initiatives to improve IT risk and control profile. Supervises the first line of defense Risk Management functions for IT meeting the Enterprise Risk Management (ERM) program elements, processes and compliance requirements. Manage the Risk Controls Self-Assessment process for Information Technology and Information Security. Ensures compliance with applicable federal, state and local laws and regulations. Completes all required compliance training. Maintains knowledge of and adhere to Flagstar's internal compliance policies and procedures. Takes responsibility to keep up to date with changing regulations and policies.

Job Requirements : High School diploma, GED, or foreign equivalent required. Bachelors degree in a related field is strongly desired. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager, (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) preferred. Security, risk and audit specialized training highly recommended. 6 years of previous experience working in Information Security or Information Technology. 3 years of leadership experience and developing a team. 5 years of SOX IT control execution or testing or IT auditing experience or IT risk. 2 years leading Risk and Control Self Assessments for technology or information security. Demonstrated ability to execute and review audits of general IT controls including related infrastructure (Active Directory), operating systems (UNIX, Linux, Windows), databases (Oracle DB and MS SQL DB), and applications (Oracle, PeopleSoft, Salesforce, etc.). Design and manage root cause analysis, control gap assessments, and process improvement projects using technical and problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions. Manage and implement Governance, Risk and Control frameworks, and systems for technology and information security. Lead implementation of Industry standard frameworks for technology, such as COBIT, ISO, NIST, SANS, and others. Supervise the development of internal control documentation including narratives, process and data flows, and other suppo