IT Risk Principal

Summary:

The IT Risk Principal is a member of Huntington's Independent (2nd Line) IT Risk function. This 2nd line of defense role encompasses creation, improvement, and execution of Technology and Operational risk governance across the Bank, including partnership and oversight of front-line business and risk units, in alignment with the Enterprise Risk Framework.

The IT Risk Principal will play a key role in providing oversight of key Cybersecurity programs including Cyber and Cloud enablement as the Bank continues its growth journey.

Duties & Responsibilities:

• Management of processes to ensure credible challenge, oversight, and validation of IT risk findings/action plans/risk acceptances and 1st line risk and control assessments across the Bank
• Management and Oversight of assigned L2 risk(s) from our Risk Registry in alignment with our risk appetite
• Participation and Challenge within the IT Policies and Standards framework and processes to ensure output is aligned with risk appetite. This includes metrics, controls, process maps and other wholesale material for a healthy standard.
• Deliver periodic IT risk updates at governance meetings and active participation in the IT Risk Committee and associated sub-forums
• Deliver quarterly independent IT Risk Assessments and targeted assessments to form and support the Bank's IT risk profile
• Providing Risk Management leadership across the Bank's Information Technology, and Operational risks
• Assisting with determining the IT Risk Program's strategy and areas of focus
• Participation in our mentorship programs in alignment with our focus on colleague growth
• Provide Risk Management and thought leadership across the Bank's Cyber and Cloud domains
• Active participation and challenge of proposed and existing Cyber processes and procedures focused on key topics including Threat and Vulnerability Management, Network Governance and Domain Management, Cybersecurity Operations, Zero Trust, Posture Compliance and Drift Management, Data Governance, Security Education and Outreach Management, Post Quantum Computing, Cyber Risk Quantification, and Red\Blue\Purple Teaming
• Engage with subject/domain owners to provide effective challenge of strategy, decisions, roadmaps, tools/solutions, policies/standards, findings/action plans/risk acceptances, etc.
• Provide deep analysis of Cyber and Cloud vendors, products and services
• Active analysis and oversight of Cyber governance technology controls

Basic Qualifications:

• Bachelor's degree or equivalent level of work experience
• Five or more years relevant experience in a technology role, directly supporting technology processes or assets (applications/systems/etc.) within a financial institution.

Preferred Qualifications:

• Previous experience serving in a Governance/Risk/Compliance/Audit function, ideally in a leadership role and with a large firm
• Effective advisory and collaboration skills, and ability to drive consensus
• Advanced understanding of the IT process (developing, delivering, supporting technology) and associated grasp of Technology Risks and Controls
• Logical and organized problem solver
• Effective written and verbal communication skills. Resource needs to be effective at understanding the technical side but also able to document their assessment (or other analysis items as needed).
• Critical/strategic thinker (able to look at something strategically and think risk, efficiency, cost, etc. – big picture 'so what' analysis and can execute what's needed to help support the effort)
• Process oriented mindset and able to tell a story leveraging data
• Time management/organized/ability to prioritize
• Managerial courage and ability to effectively interact with various levels of leadership
• In-depth knowledge of risk management processes and principles, including experience assessing risks, analyzing testing results and developing remediation plans
• Strong preference for recognized industry certification such as ISACA CRISC/CISA/CISM, ISC2 CISSP/SSCP, or similar. Where these certifications are not possessed at the time of hire, the candidate will be expected to obtain certification within a 12-month period
• Experience working in the Financial Services industry
• KPI/KRI metrics and reporting experience
• Performs other duties as assigned.

Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)

Yes

Workplace Type:

Office

Our Approach to Office Workplace Type

Certain positions outside our branch network may be eligible for a flexible work arrangement. We're combining the best of both worlds: in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.

Compensation Range:

$93,000 to $189,000 annual salary

The compensation range represents the low and high end of the base compensation range for this position. Actual compensation will vary and may be above or below the range based on various factors including but not limited to location, experience, and performance. Colleagues in this position are also eligible to participate in an applicable incentive compensation plan. In addition, Huntington provides a variety of benefits to colleagues, including health insurance coverage, wellness program, life and disability insurance, retirement savings plan, paid leave programs, paid holidays and paid time off (PTO).

Huntington is an Equal Opportunity Employer.

Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.

Note to Agency Recruiters: Huntington will not pay a fee for any placement resulting from the receipt of an unsolicited resume. All unsolicited resumes sent to any Huntington colleagues, directly or indirectly, will be considered Huntington property. Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.